Summary:

A critical zero-day flaw in Atlassian Confluence has been exploited by hackers, allowing them to access servers through fake admin accounts. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have warned administrators to update their servers immediately. The flaw is classified as a Broken Access Control vulnerability, and hackers have used tools like cURL and Rclone to steal data. Mitigations include upgrading to fixed versions, implementing multifactor authentication, and adhering to best cybersecurity practices.

Hashtags:

#CISA #FBI #Atlassian #ZeroDay #CyberSecurity

https://cybersecuritynews.com/atlassian-zero-day-flaw-under-attack/