SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Attackers actively target Atlassian Confluence vulnerability
Description: U.S. Cyber Command warned American organizations prior to Labor Day weekend that a vulnerability in Atlassian Confluence was under active exploitation. The popular project management software disclosed the vulnerability in August as CVE-2021-26084, which could allow an attacker to remotely execute arbitrary code. Although a patch had been available for about a week, the Cyber Command warning reminded users to patch immediately, advising them to not wait until after the holiday to update. Atlassian described the issue as “an OGNL injection vulnerability” in the Atlassian Confluence Server and Confluence Data Center products, both of which are vulnerable to unauthenticated remote attackers. CVE-2021-26084 has a severity rating of 9.8 out of a possible 10.
Snort SIDs: 58093, 58094
Title: Cisco discloses vulnerability that could allow attackers to authenticate in as admins
Description: Cisco patched a critical vulnerability in its Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) last week that could allow an attacker to gain admin privileges on an affected system. The U.S. Cybersecurity and Infrastructure Security Agency followed up with a warning to all users to patch immediately. Cisco stated in its security advisory that there is no workaround to protect against exploitation of the vulnerability outside of downloading the latest patch. "This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and login as an administrator to the affected device," the advisory reads.
Snort SIDs: 58097 - 58099