On Friday morning, USCYBERCOM tweeted: “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate.” “If you haven’t already patched, please do so right away — this can’t wait until the weekend.”
— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert)

CISA advised users to review Atlassian Security Advisory 2021-08-25 and apply the update as soon as possible. Hackers began exploiting the vulnerability shortly after the patch was released, with researchers claiming that reproducing the exploit was easier than expected.

To tell you the truth, I think this is tremendous counsel.
September 3, 2021

Atlassian released patches on August 25 to address a significant code execution vulnerability with a CVSS score of 9.8. Dave Aitel, a security industry veteran, argued that patching now may not be enough. Researchers published a technical analysis of the vulnerability and proof-of-concept (PoC) exploit code after the initial in-the-wild exploitation attempts were observed, which would likely lead to even more threat groups adding the Confluence vulnerability to their arsenal. The flaw, which the software maker describes as an OGNL injection issue that can be exploited by an authenticated attacker — and in some cases an unauthenticated attacker — to execute arbitrary code on affected systems, has been fixed with the release of versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0. People should take these systems offline and rebuild them from the ground up, according to Aitel.
Previous US holidays, such as the Fourth of July weekend in 2021, were marked by a spike in cyber incidents using ransomware, according to the two agencies in a joint alert.

September 3, 2021

Atlassian’s pre-holiday caution comes after CISA and the FBI issued a warning earlier this week, cautioning that ransomware attackers target holidays and weekends on purpose.

— daveaitel (@daveaitel)