Atlassian’s Wiki Software Confluence servers and data centers are vulnerable — and that’s exactly what attackers are currently exploiting. According to the comments of security researchers, attackers scan for systems, attack them and try to install a crypto Trojan.
Attacks on Linux and Windows Servers
As “CriticalA classified security vulnerability (CVE-2021-26084) can be found at Confluence Server Webworks OGNL. Not much information is known about the possible attack scenarios. For successful attacks attackers must be authenticated. In some cases, however, attacks should be possible even without authentication.
Now, among other things, security researchers are warning of bad packets on Twitter Against attacks on Linux and Windows servers with weak Confluence versions. After a successful attack, crypto miner XMRig must descend on the system and sabotage its computing power for cryptocurrency mining.
If there is no patch, the solution
But it doesn’t have to stop there and attackers can leave behind doors or spy Trojans on servers. For example, they can compromise entire networks and copy internal business information. Administrators should quickly get one of the secure versions 6.13.23, 7.4.11, 7.11.6, 7.12.5 And 7.13.0 To install. All minor versions are said to be insecure. Atlassian advises administrators to install Long Term Support version 7.13.0 (LTS). a post tells how to upgrade.
If administrators are currently unable to install security updates, they should temporarily script Confluence Server linux or windows (to be found under quenching).