USCYBERCOM and CISA are Sounding the Alarm Just Before the Labor Day Weekend in the U.S


Just before the Labor Day weekend in the United States, USCYBERCOM and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing an alert, advising enterprises to fix a significant vulnerability (CVE-2021-26084) impacting Atlassian Confluence Server and Data Center.

USCYBERCOM tweeted Friday morning, “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and anticipated to accelerate.” “If you haven’t already patched, please do it right away— this can’t wait till the weekend.”

Atlassian released patches on August 25 to address a significant code execution vulnerability with a CVSS score of 9.8. The flaw has been fixed with the release of versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0, which the software maker describes as an OGNL injection issue that can be exploited by an authenticated attacker — and in some cases an unauthenticated attacker — to execute arbitrary code on affected systems.

Hackers began exploiting the vulnerability shortly after the patch was released, with researchers claiming that reproducing the exploit was easier than expected.

Researchers released a technical analysis of the vulnerability and proof-of-concept (PoC) exploit code after the initial in-the-wild exploitation efforts were discovered, which would likely lead to even more threat organisations adding the Confluence vulnerability to their arsenal.

CISA advises users to read Atlassian Security Advisory 2021-08-25 and apply the updates as soon as possible.

Dave Aitel, a security industry veteran, argues that patching now may not be enough. “To tell you the truth, I believe this is awful counsel. People should take these systems offline and rebuild them from the ground up, according to Aitel.

Atlassian’s pre-holiday caution came after CISA and the FBI issued a warning earlier this week, warning that ransomware attackers target the holidays and weekends on purpose. Previous US holidays, such as the Fourth of July weekend in 2021, were marked by a spike in cyber-incidents using ransomware, according to the two agencies in a joint alert.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.