Connect with us

Hi, what are you looking for?

Cyber Security

CISA Urges Patching Atlassian Software Before Holiday Weekend

A vulnerability in collaboration software is undergoing “mass exploitation,” according to U.S. Cyber Command.

The Cybersecurity and Infrastructure Security Agency is imploring administrators to apply recent updates to “Confluence”—collaboration software made by Atlassian—in an event officials have been anticipating.

“CISA urges users and administrators to review Atlassian Security Advisory 2021-08-25 and immediately apply the necessary updates,” reads an alert the agency posted to the National Cyber Awareness System Friday. “On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting Confluence Server and Data Center. Recently, CVE-2021-26084 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system.”

On Tuesday, CISA and the FBI published an advisory with trends and mitigation measures to raise awareness of the need for heightened vigilance as the Labor Day weekend approaches. And on Thursday, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger took to the White House podium to do the same.  

“We encourage you to please visit the site, read the advisory and take those critical steps,” she said. “Organizations and individuals should be on alert now because criminals sometimes lay in their steps in advance and begin their planning. The purpose of this is really to raise awareness, before a holiday weekend, given the history of increased criminal cyber activity during holiday weekends.”

The attacks they warned of have arrived in time to foil plans of taking off early to enjoy the holiday, except perhaps for those who have already patched the vulnerability and enforced their defenses as advised. 

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” US Cyber Command tweeted Friday. “Please patch immediately if you haven’t already— this cannot wait until after the weekend.”

Source: https://www.nextgov.com/cybersecurity/2021/09/cisa-urges-patching-atlassian-software-holiday-weekend/185115/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Cyber Security

Malware leveraging flaws in edge routers has been spying on military contracting websites, according to research from Lumen’s Black Lotus Labs. Malware leveraging flaws...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO