US Cyber Command Warns of Ongoing 'Mass Exploitation' of Critical Confluence Vuln
Apply Atlassian's patch now — before the holiday weekend — the US Defense Department cybersecurity unit and CISA say.
September 3, 2021
On the heels of an advisory earlier this week from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI about the potential for widespread ransomware attacks over the upcoming Labor Day weekend, the US Cyber Command today warned of ongoing and spreading attacks in the wild exploiting a vulnerability in the Confluence workspace software platform.
"Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already — this cannot wait until after the weekend," the US Cyber Command posted on its Twitter feed today.
CISA also issued an alert today, urging organizations to install the patches immediately.
Atlassian on Aug. 25 issued an update for the remote code execution flaw, but attackers appear to be winning the race with organizations that have not yet applied the patch. The Object-Graph Navigation Language (OGNL) injection vulnerability could let an authenticated user and an unauthenticated user run arbitrary code on a Confluence Server or Data Center instance, according to the company. Confluence Cloud is not affected by the flaw.
See Atlassian's alert here.