[TheRecord] Jenkins project discloses security breach following Confluence server hack

The developers of the Jenkins server, one of the most widely used open-source automation systems, said they suffered a security breach after hackers gained access to one of their internal servers and deployed a cryptocurrency miner.

Despite the intrusion and malware deployment, the Jenkins team downplayed the severity of the breach in a statement published on Saturday.

Jenkins admins said the hacked server, which hosted the now-defunct Jenkins wiki portal (wiki.jenkins.io), had been deprecated since October 2019, when the project moved its wiki and team collaboration systems from a self-hosted Atlassian Confluence server to the GitHub platform.

“At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected,” the Jenkins team said over the weekend.

Following the discovery of the hack, Jenkins developers said they permanently took down the hacked Confluence server, rotated privileged credentials, and reset passwords for developer accounts.

Breach part of the larger Confluence attack wave

The Jenkins breach is part of a recent wave of attacks exploiting CVE-2021-26084 (also nicknamed Confluenza), an authentication bypass and command injection bug in Atlassian’s Confluence server.

As The Record first reported last Wednesday, attacks against Confluence servers began last week and ramped up after security researchers published a proof-of-concept exploit on GitHub.

Attacks exploded throughout the week, prompting US Cyber Command to issue a public warning on Friday, urging administrators to patch affected systems before they left for the US Labor Day extended weekend.

Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend.

— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) September 3, 2021

The attacks, which mostly deployed cryptocurrency miners, according to security firms Bad Packets and Rapid7, are still ongoing.

According to internet monitoring project Censys, there are currently around 15,000 Atlassian Confluence servers that can be reached over the internet. 

According to Censys, on Sunday, September 5, there were 8,597 Confluence servers connected online and still vulnerable to CVE-2021-26084.

The post Jenkins project discloses security breach following Confluence server hack appeared first on The Record by Recorded Future.
