Patch Now! Crypto Miner Slips From Confluence Loophole

Patch Now!  Crypto Miner Slips From Confluence Loophole

Atlassian’s Wiki Software Confluence servers and data centers are vulnerable — and that’s exactly what attackers are currently exploiting. According to the comments of security researchers, attackers scan for systems, attack them and try to install a crypto Trojan.

As “CriticalA classified security vulnerability (CVE-2021-26084) can be found at Confluence Server Webworks OGNL. Not much information is known about the possible attack scenarios. For successful attacks attackers must be authenticated. In some cases, however, attacks should be possible even without authentication.

Now, among other things, security researchers are warning of bad packets on Twitter Against attacks on Linux and Windows servers with weak Confluence versions. After a successful attack, crypto miner XMRig must descend on the system and sabotage its computing power for cryptocurrency mining.

But it doesn’t have to stop there and attackers can leave behind doors or spy Trojans on servers. For example, they can compromise entire networks and copy internal business information. Administrators should quickly get one of the secure versions 6.13.23, 7.4.11, 7.11.6, 7.12.5 And 7.13.0 To install. All minor versions are said to be insecure. Atlassian advises administrators to install Long Term Support version 7.13.0 (LTS). a post tells how to upgrade.

If administrators are currently unable to install security updates, they should temporarily script Confluence Server linux or windows (to be found under quenching).


(From)

More from Laurence Porter
Princi Presents NIS Classics Volume 1 – Released for Nintendo This Summer
NIS America announced the Princes present NIS Classic Volume 1 for the...
Read More
Leave a comment

Your email address will not be published. Required fields are marked *