Trend Micro and Alert Logic are reporting on a critical Atlassian Confluence Server vulnerability that attackers are exploiting remotely to compromise both Linux and Windows servers, allowing them to drop GandCrab ransomware and the Dofloo (aka AES.DDoS, Mr. Black) Trojan.
Attackers are exploiting a critical Atlassian Confluence Server #vulnerability, infecting Linux and Windows servers with the infamous GandCrab #ransomware in the process: https://t.co/JDxg860SQT @bbb1216bbb @SCMagazine
— Veracode (@Veracode) April 29, 2019
The #AESDDoS botnet malware variant that we discovered abusing a vulnerability in Atlassian Confluence Server can load #cryptocurrency miners on affected machines. Analysis: https://t.co/KoT6N4640m
— Trend Micro Research (@TrendMicroRSRCH) April 29, 2019
Expert Comments:
Mounir Hahad, Head of the Juniper Threat Labs at Juniper Networks:
On the other hand, those deployments meant for collaboration across organizations, with publicly facing web access, are at risk. This situation is no different from any other web server vulnerability: it is imperative to quickly upgrade to a more recent version of the product which includes a patch to the vulnerability as well as assess your internal network for any signs that it might already have been compromised.”
Pankaj Parekh, Chief Product & Strategy Officer at SecurityFirst: