We will be happy to advise you!

Hotline:
+49 (0) 40 38 90 710

E-mail:
info@secion.de

Contact form

Atlassian Confluence vulnerability continues to be actively exploited!

by

Reading time: minutes ( words)
Atlassian Confluence vulnerability continues to be actively exploited

The critical vulnerability (CVE-2022-26134, CVSS score: 9.8) in Atlassian Confluence Server and Data Center products patched in early June continues to be actively exploited for ransomware attacks: In at least two incidents, attackers exploited the vulnerability to spread malicious malicious code (e.g., Cerber ransomware, Cobalt Strike via web shell, Mirai and Kinsing bot variants, and a crypto miner called z0miner).

If the necessary patch has not yet been applied, it is highly likely that systems have now been compromised and should be investigated forensically accordingly.

But there is also danger from supposedly closed security holes: once attackers have successfully installed a cryptominer, it will continue to do its job even after the system is patched. The same applies to successful infiltration using malicious code.

Our Allgeier secion customers with an active managed service contract for ACD are of course informed about malicious communication on their systems; for example, we are currently actively checking for Confluence IoCs.

Conclusion

So time is and will remain a critical factor in detecting and eliminating cyber threats like ransomware.

We show you that you no longer need a SOC, SIEM or forensics: with Active Cyber Defense (ACD) service, you will know 24/7 if attack activity is taking place on your network, immediately after a system has been compromised.

ACD relieves your IT security team and can be booked as a managed service at a fixed monthly price.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back

Related articles

Critical vulnerabilities affect almost all Atlassian applications - updates urgently needed

Critical security vulnerabilities in nearly all Atlassian applications

The reports about critical security vulnerabilities in Atlassian products do not stop. The Australian software company is currently warning of three serious vulnerabilities in numerous of its applications and services. The manufacturer has already published updates and urgently advises users to install the latest software version in order to close the security gaps.

Hacking to listen to: The 5 most popular IT security podcasts from our IT security consultants

Hacking you can listen to: 5 popular IT security podcasts

The cybersecurity industry is more dynamic and rapidly changing than any other sector. Today's insights may already be outdated tomorrow. Because at the same pace as IT security develops new measures to protect IT infrastructure, networks, and endpoints, cyber criminals bring new tools to the market, refine attack methods, or use unknown techniques to successfully carry out cyber attacks. Anyone who wants to stay as well informed as possible in the multi-layered environment is dependent on regular updates. This applies equally to technically interested users and IT staff. One popular source of information in Germany is the podcast. More than 40% of all Germans regularly listen to podcasts - one fifth of them daily. We asked our IT security consultants for recommendations on ethical hacking and present our top 5 most popular cybersecurity podcasts here.