CVE-2022-26134 — Zero-Day Exploitation of Atlassian Confluence

Intro

Atlassian has confirmed a vulnerability reported on May 31st and assigned it CVE-2022-26134. The vulnerability has been confirmed to affect current versions of Confluence Server and Data Center.

CVE-2022-26134

A zero-day exploit that allows unauthenticated remote code execution on affected servers.

Protecting Web Servers

In a previous blog entry we covered how to protect web servers using web application firewalls based on Open Source technologies.

Advanced Malware Scan Using Yara

Our GitHub repo includes scripts to run malware scans using Yara and alert via the Wazuh agent on any files flagged by the Yara rules.

Yara Malware Scanner
OSQUERY — Running Processes not loaded from images on disk.

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
