US Cyber Command Warns of Ongoing Mass Exploitation of Critical Confluence Vuln

  /     /     /  
Publicated : 23/11/2024   Category : security


US Cyber Command Warns of Ongoing Mass Exploitation of Critical Confluence Vuln


Apply Atlassians patch now — before the holiday weekend — the US Defense Department cybersecurity unit and CISA say.



On the heels of
an advisory
earlier this week from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI about the potential for widespread ransomware attacks over the upcoming Labor Day weekend, the US Cyber Command today warned of ongoing and spreading attacks in the wild exploiting a vulnerability in the Confluence workspace software platform.
Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already — this cannot wait until after the weekend, the US Cyber Command posted on
its Twitter feed
today.
CISA
also issued an alert
today, urging organizations to install the patches immediately.
Atlassian on Aug. 25
issued an update
for the remote code execution flaw, but attackers appear to be winning the race with organizations that have not yet applied the patch. The Object-Graph Navigation Language injection vulnerability could let an authenticated user and an unauthenticated user to run arbitrary code on a Confluence Server or Data Center instance, according to the company. Confluence Cloud is not affected by the flaw.
See Atlassians alert
here
.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
US Cyber Command Warns of Ongoing Mass Exploitation of Critical Confluence Vuln