Confluence Vulnerability Opens Door to GandCrab

  /     /     /  
Publicated : 23/11/2024   Category : security


Confluence Vulnerability Opens Door to GandCrab


An exploit of the vulnerability offers attackers a ransomware surface that doesnt need email.



A vulnerability in a popular devops tool could leave companies with a dose of ransomware to go with their organizational agility. Thats the warning coming from researchers at Trend Micro and Alert Logic as they explain how the vulnerability in Atlassian document-collaboration platform Confluence is being used to deliver a GandCrab payload to victims.
In late March, Atlassian announced critical vulnerabilities in Confluence Data Center and Server software. They announced patches for the bugs at the same time, but that didnt stop criminals from developing an exploit for the vulnerability in the widget connector assigned
CVE-2019-3396
. Once the exploit was published, Alert Logic researchers say that it took criminals less than a day to begin using the weaponized code.
Mounir Hahad, head of Juniper Networks Juniper Threat Labs, says that a particular use case poses the greatest risk to organizations. The danger lies on the in-house deployments, he says, and within that group, Those deployments meant for collaboration across organizations, with a publicly facing web access are at risk.
Because organizations are likely to use the wiki-based Confluence to host critical information regarding development and operations, Hahad says its critical that any company hosting the software make sure it is updated to current versions, and pay special attention to backing up and securing the information shared in the system.
For more, read
here
.
 
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Confluence Vulnerability Opens Door to GandCrab