1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Atlassian Confluence hacked to mine Monero

    From TechnologyDaily@1337:1/100 to All on Wed Sep 8 18:30:04 2021
    Atlassian Confluence hacked to mine Monero

    Date:
    Wed, 08 Sep 2021 17:12:12 +0000

    Description:
    Attackers compromise a deprecated Confluence server of the popular Jenkins project to mine for cryptocurrency.

    FULL STORY ======================================================================

    The Jenkins project discovered that last week one of its deprecated
    Confluence servers fell victim to the recently disclosed remote code
    execution (RCE) vulnerability.

    Jenkins is a popular open source tool that helps automate parts of software development.

    Recently a proof-of-concept exploit code for the Confluence vulnerability, tracked as CVE-2021-26084, became public, and it didnt take long for threat actors to begin scanning and exploiting vulnerable instances of the popular collaboration platform , for nefarious purposes like installing cryptominers
    . These are the best endpoint protection tools Check our list of the best firewall apps and services Here's our choice of the best malware removal software on the market

    Thus far in our investigation, we have learned that the Confluence CVE-2021-26084 exploit was used to install what we believe was a Monero miner in the container running the service. From there an attacker would not be
    able to access much of our other infrastructure, members from the Jenkins project shared via a joint blog post . Assuming the worst

    For its part, Atlassian was quick to issue a patch to plug the security
    gaffe, but that didnt dissuade the attackers.

    In fact, the scanning and exploitation reached such levels that various cybersecurity agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the US Cyber Command (USCYBERCOM) issued advisories urging admins to patch their vulnerable servers without delay.

    The compromised Confluence server at Jenkins had been deprecated since 2019, and the projects infrastructure team had been migrating its content over to GitHub.

    While the server has now been permanently disabled, the project shared that since the Confluence server was integrated with their identity management system, which also powers other services such as Jira, Artifactory, and several others, its conducting a thorough investigation.

    At the moment it doesnt appear any developer credentials were exfiltrated during the attack, but since Jenkins cannot assert otherwise, the project is assuming the worst and has reset passwords for all accounts in their integrated identity system.

    We are taking actions to prevent releases at this time until we re-establish
    a chain of trust with our developer community, shares the project. Protect your devices with these best antivirus software



    ======================================================================
    Link to news story: https://www.techradar.com/news/atlassian-confluence-hacked-to-mine-monero/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)