USCYBERCOM Warns of Mass Exploitation of Atlassian Vulnerability Ahead of Holiday Weekend

USCYBERCOM and the Cybersecurity and Infrastructure Security Agency (CISA) are sounding the alarm just before the Labor Day weekend in the U.S., urging organizations to patch a critical vulnerability (CVE-2021-26084) affecting Atlassian Confluence Server and Data Center. 

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” USCYBERCOM tweeted Friday morning. “Please patch immediately if you haven’t already— this cannot wait until after the weekend.”

On August 25, Atlassian issued patches to address the critical code execution vulnerability that carried a CVSS score of 9.8. Described by the software maker as an OGNL injection issue that can be exploited by an authenticated attacker — and in some cases an unauthenticated attacker — to execute arbitrary code on affected systems, the flaw has been fixed with the release of versions 6.13.23, 7.4.11, 7.11.6, 7.12.5 and 7.13.0.
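An added defender-side check, not code from the article or from Atlassian: given the fixed releases named above, it classifies an inventory of Confluence version strings as patched or unpatched. The branch rules it applies (each fix covers later releases of its own x.y branch, everything from 7.13.0 on is fixed, a branch with no listed fix is unpatched) and the sample inventory are the editor's assumptions.

```python
"""Classify Confluence Server / Data Center versions against the fixed releases
named in the article (6.13.23, 7.4.11, 7.11.6, 7.12.5, 7.13.0).

Assumptions (the editor's, not stated by the article or Atlassian):
  * a fixed release patches its own x.y branch, so later releases on that
    branch (e.g. 7.4.12) also carry the fix;
  * 7.13.0 is the first release with no earlier branch fix, so everything
    from 7.13.0 onward is treated as fixed;
  * a branch with no listed fix (e.g. 7.5.x) is treated as unpatched.
Consult the Atlassian advisory for the authoritative affected ranges.
"""
import re

FIXED_RELEASES = ("6.13.23", "7.4.11", "7.11.6", "7.12.5", "7.13.0")


def parse_version(text):
    """Turn '7.4.11' into (7, 4, 11); reject anything that is not dotted ints."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:  # pad so '7.13' compares like 7.13.0
        parts.append(0)
    return tuple(parts)


def is_patched(version_text):
    """True if the version carries the fix under the assumptions above."""
    v = parse_version(version_text)
    fixes = [parse_version(f) for f in FIXED_RELEASES]
    if v >= max(fixes):  # 7.13.0 and everything after it
        return True
    for f in fixes:
        if v[:2] == f[:2]:  # same x.y branch as a listed fixed release
            return v >= f
    return False  # branch without a listed fix


def triage(inventory):
    """Split (host, version) pairs into patched and unpatched host lists."""
    patched, unpatched = [], []
    for host, version in inventory:
        (patched if is_patched(version) else unpatched).append(host)
    return patched, unpatched


# constructed sample inventory, not data from the article
SAMPLE_INVENTORY = [
    ("wiki-a", "7.4.10"), ("wiki-b", "7.4.11"), ("wiki-c", "7.12.4"),
    ("wiki-d", "7.13.1"), ("wiki-e", "6.13.22"), ("wiki-f", "7.5.0"),
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE_INVENTORY)
    print("patched:  ", ok)
    print("unpatched:", bad)
```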

Shortly after the patch was announced, hackers began exploiting the vulnerability, with researchers saying the exploit was easier to reproduce than expected.

After the first in-the-wild exploitation attempts were spotted, researchers released a technical analysis of the vulnerability and proof-of-concept (PoC) exploit code, which will likely lead to even more threat groups adding the Confluence vulnerability to their arsenal.

CISA is urging users to review Atlassian Security Advisory 2021-08-25 and immediately apply the necessary patches. 

However, security industry veteran Dave Aitel believes patching now may not be enough. “To be honest I think this is bad advice. People should be taking these systems completely offline and rebuilding them from scratch,” Aitel said in a tweet.

The pre-holiday Atlassian warnings followed an earlier alert this week from CISA and the FBI, warning that ransomware actors deliberately launch attacks during holidays and weekends. In a joint alert, the two agencies reminded organizations that previous U.S. holidays, such as the Fourth of July weekend in 2021, were marked by an increase in cyber-incidents involving ransomware.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
