Tuesday, June 6, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Atlassian Confluence Hardcoded Credentials Bug Actively Exploited

Researcher by Researcher
July 29, 2022
in Cybersecurity
0
Spring Framework Flaw Exploited in Mirai Malware Attacks
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


An Atlassian critical Confluence hardcoded credentials vulnerability that was fixed last week is now under active exploitation.

The flaw (CVE-2022-26138) can be exploited by a remote, unauthenticated attacker that knows the hardcoded password for a specific account on the Questions for Confluence app in order to gain access to all non-restricted pages in Confluence. Atlassian fixed the flaw on July 20, but the company a day later warned that an external party had publicly disclosed the hardcoded password on Twitter, and the flaw was likely to be exploited.

“Unsurprisingly, it didn’t take long for Rapid7 to observe exploitation once the hardcoded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks,” said Glenn Thorpe with Rapid7 in a Wednesday analysis.

The flaw stems from the disabledsystemuser account that helps assist administrators migrating data from the app to Confluence cloud. When a disabledsystemuser account is created on the Questions for Confluence app, it uses a hardcoded password. From there, the account is added to the confluence-users group, which allows the viewing and editing of all non-restricted pages in Confluence by default. The flaw only exists when the Questions for Confluence app is enabled, with the specific impacted versions including Questions for Confluence 2.7.34 and 2.7.35, and Questions for Confluence 3.0.2. That said, uninstalling the Questions for Confluence app does not remediate the flaw, Atlassian warned.

Atlassian announced the issue along with two other critical bugs that exist in the Servlet Filters in Java. These flaws (CVE-2022-26136 and CVE-2022-26137) can be exploited by remote unauthenticated attackers.

Both Rapid7 researchers and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged impacted organizations to mitigate the vulnerability immediately, especially because attackers place a high value on Atlassian products. Previously in June, for instance, threat actors targeted a zero-day flaw (CVE-2022-26134) in the Atlassian Confluence Server and Data Center that allowed remote code execution without authentication. Attackers, including nation-state actors, exploited the flaw in order to deploy web shells, botnets, cryptocurrency mining malware and ransomware.

“Organizations using on-prem Confluence should follow Atlassian’s guidance on updating their instance or disabling/deleting the account,” said Thorpe.



Source link

Related articles

Learn how to protect your company from cyberattacks for just $46

Learn how to protect your company from cyberattacks for just $46

June 5, 2023
Decipher Podcast: Hazel Burton | Decipher

Decipher Podcast: Hazel Burton | Decipher

June 5, 2023
Tags: activelyAtlassianbugConfluenceCredentialsexploitedHardcoded
Share76Tweet47

Related Posts

Learn how to protect your company from cyberattacks for just $46

Learn how to protect your company from cyberattacks for just $46

June 5, 2023
0

Cloud computing brings many business benefits, but it’s essential to know how to protect your data and operations. Image: StackCommerce...

Decipher Podcast: Hazel Burton | Decipher

Decipher Podcast: Hazel Burton | Decipher

June 5, 2023
0

Podcast Ransomware Task Force Ransomware Decipher Podcast: Megan Stifel Returns Megan Stifel, chief strategy officer for the Institute for Security...

Sentra Raises $30 Million for DSPM Technology

Galvanick Banks $10 Million for Industrial XDR Technology

June 5, 2023
0

Galvanick, an early-stage startup working on an Extended Detection & Response (XDR) platform for industrial infrastructure, has scored $10 million...

How to know what personal information Microsoft Edge knows about you

How to know what personal information Microsoft Edge knows about you

June 5, 2023
0

Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to...

FBI: Election Officials in Nine States Received Phishing Emails

Q&A: Megan Stifel | Decipher

June 4, 2023
0

"In many ways it's a heartbreaking problem, that small and medium-sized enterprises who are the lifeblood of the U.S. economy...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
Learn how to protect your company from cyberattacks for just $46

Learn how to protect your company from cyberattacks for just $46

June 5, 2023
Decipher Podcast: Hazel Burton | Decipher

Decipher Podcast: Hazel Burton | Decipher

June 5, 2023
Sentra Raises $30 Million for DSPM Technology

Galvanick Banks $10 Million for Industrial XDR Technology

June 5, 2023
BNP Paribas and NatWest Go Live with CobaltFX’s ‘Dynamic Credit’ for FX Credit Management

BNP Paribas and NatWest Go Live with CobaltFX’s ‘Dynamic Credit’ for FX Credit Management

June 5, 2023

Recent Posts

Learn how to protect your company from cyberattacks for just $46

Learn how to protect your company from cyberattacks for just $46

June 5, 2023
Decipher Podcast: Hazel Burton | Decipher

Decipher Podcast: Hazel Burton | Decipher

June 5, 2023
Sentra Raises $30 Million for DSPM Technology

Galvanick Banks $10 Million for Industrial XDR Technology

June 5, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches Payments platform Ransomware RoundUp security Software Stories TFT Threat Top vulnerabilities vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved