Critical Atlassian 0-day is under active exploit. You’re patched, right?

The phrase Zero Day can be spotted on a monochrome computer screen clogged with ones and zeros.

Enlarge (credit: Getty Images)

About this time last week, threat actors began quietly tapping a previously unknown vulnerability in Atlassian software that gave them almost complete control over a small number of servers. Since Thursday, active exploits of the vulnerability have mushroomed, creating a semi-organized frenzy among competing crime groups.

"It is clear that multiple threat groups and individual actors have the exploit and have been using it in different ways," said Steven Adair, president of Volexity, the security firm that discovered the zero-day vulnerability while responding to a customer's breach over the Memorial Day weekend. "Some are quite sloppy and others are a bit more stealth." His tweet came a day after his firm released the report detailing the vulnerability.

Adair also said that the industry verticals being hit "are quite widespread. This is a free-for-all where the exploitation seems coordinated."

Read 3 remaining paragraphs | Comments



https://ift.tt/arMosnV

Comments