CVE-2022-26134 is reported to be a remote code execution (RCE) vulnerability that can be exploited without authentication. Atlassian says the vulnerability is confirmed in Confluence Server 7.18.0, and that Confluence Server and Data Center 7.4.0 and above are also affected.
Since work on patches is still underway, the developers recommend either restricting access to Confluence Server and Data Center from the Internet, or temporarily disabling them altogether.
Volexity researchers described attacks that exploit this bug. They write that the bug was discovered at the beginning of this week, on May 31. After investigating, Volexity was able to reproduce the exploit that the hackers used against the latest version of Confluence Server and passed all of the information to Atlassian.
During the attack studied by the experts, the attackers installed BEHINDER on the victim's system. BEHINDER is a JSP web shell that allows remote commands to be executed on a compromised server. The hackers then used BEHINDER to install the China Chopper web shell and a simple file upload tool.
According to the researchers, the attackers stole user tables from the Confluence server, introduced additional web shells, and changed the logs to hide traces of their presence.
Analysts believe that multiple attackers from China are behind these attacks and exploits.