March 21, 2023

The Jenkins Project disclosed a security breach after threat actors compromised one of their internal servers and installed a cryptocurrency miner. Maintained by Jenkins community it’s a powerful open source automation tool

The attackers breached a deprecated Confluence service used by the organization exploiting the Confluence CVE-2021-26084 vulnerability. In response to the incident, the Jenkins team took the affected server offline and launched an investigation into the security incident.

The maintainers of the project are not aware of any compromise for Jenkins releases, plugins, or source code have been affected.

Threat actors started exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Its only observed threat actors exploiting the issue to deliver cryptocurrency miners, but attackers could start exploiting them to deliver other malware, including ransomware.

Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

Tags:

Leave a Reply

You may have missed

DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
ForgeRock new Passwordless Service

ForgeRock new Passwordless Service

March 20, 2023
New Decryptor for Conti Ransomware Released

New Decryptor for Conti Ransomware Released

March 20, 2023
%d bloggers like this: