[HackerNews] Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.
Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that

Source: Read More (The Hacker News)

