USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend.
US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.
Government experts are aware of the ongoing mass exploitation of the CVE-2021-26084 flaw and believe it could rapidly accelerate.
— U.S. Cyber Command (@US_CYBERCOM) September 3, 2021
Threat actors started exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. At the time of this writing, experts only observed threat actors exploiting the issue to deliver cryptocurrency miners, but attackers could start exploiting them to deliver other malware, including ransomware.
The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to
Read the article