Zero-day flaw in Atlassian Confluence exploited in the wild since May

July 4, 2022

Read Time:38 Second

Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare’s web application firewall (WAF) service, the attacks started in late May.

The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use.

To read this article in full, please click here

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet