Security News
Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible. There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.
Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. According to Atlassian, the app helps improve communication with the organization's internal Q&A team and is currently installed on over 8,000 Confluence servers.
A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner on victim networks.
Timeline: On May 31, Volexity found a zero-day vulnerability in Atlassian Confluence. AI Spera used Criminal IP to determine the number of Atlassian Confluence servers connected to the Internet.
Ransomware gangs are now targeting a recently patched and actively exploited remote code execution vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. Ransomware starts circling unpatched Confluence servers.
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. Various proof of concept exploits were released in the days that followed, giving a broader base of malicious actors an easy way to exploit the flaw for their purposes.
Several botnets are now using exploits targeting a critical remote code execution vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. After proof-of-concept exploits were published online, cybersecurity firm GreyNoise said it detected an almost ten-fold increase in active exploitation, from 23 IP addresses attempting to exploit it to more than 200.
Threat actors are using public exploits to pummel a critical zero-day remote code execution flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover. Researchers from Volexity uncovered the flaw in Atlassian Confluence Server and Data Center software over the Memorial Day weekend after they detected suspicious activity on two internet-facing web servers belonging to a customer running the software, they said in a blog post published last week.
Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. The vulnerability tracked as CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability exploited through OGNL injection and impacts all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that has come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 - another security flaw the Australian software company patched in August 2021.