USCYBERCOM tweeted Friday morning, “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate.” “If you haven’t already patched, please do it right away — this can’t wait till the weekend.”
— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) September 3, 2021

Atlassian released patches on August 25 to address a significant code execution vulnerability with a CVSS score of 9.8. The flaw, which the software maker describes as an OGNL injection issue that can be exploited by an authenticated attacker, and in some cases an unauthenticated attacker, to execute arbitrary code on affected systems, has been fixed with the release of versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0.

Hackers started exploiting the vulnerability shortly after the patch was released, with researchers claiming that reproducing the exploit was easier than expected. Researchers published a technical analysis of the vulnerability and proof-of-concept (PoC) exploit code after the initial in-the-wild exploitation attempts were detected, which would in all likelihood lead to even more threat groups adding the Confluence vulnerability to their arsenal.

CISA advises users to read Atlassian Security Advisory 2021-08-25 and apply the updates as soon as possible.

Dave Aitel, a security industry veteran, argues that patching now may not be enough. “To tell you the truth, I believe this is frightening guidance. People should take these systems offline and rebuild them from the ground up,” according to Aitel.
— daveaitel (@daveaitel) September 3, 2021

Atlassian’s pre-holiday caution comes after CISA and the FBI issued a warning earlier this week, cautioning that ransomware attackers target holidays and weekends on purpose. Previous US holidays, such as the Fourth of July weekend in 2021, were marked by a spike in cyber incidents involving ransomware, according to the two agencies in a joint alert.