Atlassian patches critical Confluence zero-day exploited in attacks


Admins advised to check for breach signs

The company also recommends checking all Confluence instances for indicators of compromise, including:
– unexpected members of the confluence-administrator group
– unexpected newly created user accounts
– requests to /setup/*.action in network access logs
– presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory
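
The two log-based indicators in the list above can be checked with a short script. The Python below is an added example, not code from Atlassian or the original article; the access-log line shape, the sample log lines and the /setup/example.action path are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: each access-log line contains the request as "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'\b([A-Z]{3,7}) (\S+) HTTP/\d(?:\.\d)?')
# /setup/<name>.action, optionally below a context path such as /confluence
SETUP_ACTION_RE = re.compile(r'(?:^|/)setup/[^/]+\.action$', re.IGNORECASE)
SECURITY_LOG_MARKER = '/setup/setupadministrator.action'

def normalise_path(target):
    """Drop the query string and ;parameters, percent-decode, collapse slashes."""
    path = target.split('?', 1)[0]
    path = '/'.join(seg.split(';', 1)[0] for seg in path.split('/'))
    return re.sub(r'/{2,}', '/', unquote(path))

def setup_requests(access_lines):
    """Return (line_no, method, path) for every request to /setup/*.action."""
    hits = []
    for no, line in enumerate(access_lines, 1):
        m = REQUEST_RE.search(line)
        if m and SETUP_ACTION_RE.search(normalise_path(m.group(2))):
            hits.append((no, m.group(1), normalise_path(m.group(2))))
    return hits

def security_log_hits(security_lines):
    """Return line numbers that mention /setup/setupadministrator.action."""
    return [no for no, line in enumerate(security_lines, 1)
            if SECURITY_LOG_MARKER in line.lower()]

# Constructed sample lines (not real logs); addresses, dates and formats are made up.
SAMPLE_ACCESS = [
    '198.51.100.7 - - [01/Jan/2000:03:12:44 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:03:12:45 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2000:03:13:02 +0000] "GET /confluence/setup/%65xample.action;jsessionid=ABC?x=1 HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2000:03:13:05 +0000] "GET /display/DOC/setup/guide HTTP/1.1" 200 2048',
]
SAMPLE_SECURITY = [
    '2000-01-01 03:12:40,101 INFO [example] user login ok',
    '2000-01-01 03:12:45,377 ERROR [example] exception while handling /setup/setupadministrator.action',
]

if __name__ == '__main__':
    for hit in setup_requests(SAMPLE_ACCESS):
        print('access log line %d: %s %s' % hit)
    for no in security_log_hits(SAMPLE_SECURITY):
        print('security log line %d mentions %s' % (no, SECURITY_LOG_MARKER))
```

To run it against a real instance, pass the lines of the access log and of atlassian-confluence-security.log from the Confluence home directory to the two functions in place of the sample lists.
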
With the release of a patch, there is a heightened possibility that threat actors will bin-diff the released security patches to discover the patched weakness, potentially speeding up the creation of a usable exploit.

At Atlassian, software security is a top priority, and this week the company has released an important patch which fixes a critical zero-day vulnerability in its popular collaboration and content management tool, Confluence.
The vulnerability, which was discovered by an independent security researcher, could allow remote attackers to execute arbitrary code on vulnerable systems.
In response to the issue, Atlassian released an updated version of Confluence that includes a patch for the vulnerability.
The company is urging all affected users to upgrade to the new version as soon as possible.
The vulnerability, which existed in the way Confluence handles its Lucene search index format, was reported to Atlassian in August and was first seen being actively exploited in the wild in October.
The vulnerability affected Confluence versions 6.15.4 and earlier.
The patch for the vulnerability is included in version 6.15.8 of Confluence or later.
In an advisory, Atlassian warned that “all users should upgrade to the new version of Confluence as soon as possible.” The company also strongly advised users to ensure that all installed applications are kept up to date.
The company has also identified a number of “best practices” for users to follow in order to ensure that their systems remain secure.
These include opting out of automatic updates, monitoring the system for suspicious activity, and regularly reviewing user accounts for unusual activity.
The critical zero-day vulnerability in Confluence underscores the importance of ensuring that all installed applications are kept up to date.
As cybercriminals become more sophisticated, it is essential for users to be proactive about their digital security and to adopt best practices for keeping their systems safe.
Link: https://vidmid.com/news/atlassian-patches-critical-confluence-zero-day-exploited-in-attacks?uid=386524

