Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Confluence. Show all posts

Club Penguin Fans Target Disney Server, Exposing 2.5 GB of Internal Data

 

Club Penguin fans reportedly hacked a Disney Confluence server to collect information about their favourite game but ended up with 2.5 GB of internal corporate data instead. 

From 2005 until 2018, Club Penguin was a multiplayer online game (MMO) that included a virtual world where users could engage in games, activities, and talk with one another. The game was produced by New Horizon Interactive, which Disney later purchased. 

While Club Penguin was officially closed in 2017 and replaced by Club Penguin Island in 2018, the game is still available on private servers hosted by fans and independent developers. Despite Disney's opposition to a more prominent 'Club Penguin Rewritten' replica, which resulted in the arrest of its owners, private servers with thousands of players continue to exist today. 

Earlier this week, an anonymous user posted a link to "Internal Club Penguin PDFs" on the 4Chan message board, with the simple statement, "I no longer need these:).” 

The link takes you to a 415 MB collection with 137 PDFs including old Club Penguin internal information such as correspondence, design schematics, documentation, and character sheets. All of this data is at least seven years old, making it solely interesting to game fans. 

BleepingComputer has recently discovered that the Club Penguin data is simply a small part of a much bigger data set stolen from Disney's Confluence server, which houses documentation for different business, software, and IT initiatives used internally by Disney. 

The source says Disney's Confluence servers were compromised using previously leaked passwords. According to the insider, the threat actors were initially looking for Club Penguin data but ended up collecting 2.5 GB of data regarding Disney's corporate strategies, advertising plans, Disney+, internal developer tools, commercial projects, and infrastructure. 

The data includes documentation on a wide range of initiatives and projects, as well as information on internal developer tools Helios and Communicore, which were not previously made public.

Zero-day Exploitable Bug in Atlassian Confluence

 

Researchers are alerting the public that an important Atlassian Confluence vulnerability that was published last week is currently being aggressively exploited. 

Researchers claim that Confluence Server 7.18.0 is affected by the significant unauthorized, remote code execution vulnerability CVE-2022-26134, and they believe that both Confluence Server and Data Center versions 7.4.0 are at risk.

Atlassian advises clients to disable access to their servers using one of two methods because there are no updates available:
  • Preventing access to the internet for Confluence Server and Data Center instances.
  • Confluence Server and Data Center instances can be disabled.
The hard-coded details were published on Twitter after the real-world exploitation, which prompted the Australian software business to give it the top priority in its patching schedule.

It's important to remember that the flaw only manifests itself when the Questions for Confluence app is turned on. However, since the created account is not automatically deleted after the Questions for Confluence program has been uninstalled, doing so does not fix the problem.

Federal organizations must stop all internet access to Confluence servers by June 3. The Cybersecurity and Infrastructure Security Agency (CISA) has added this zero-day to its 'Known Exploited Vulnerabilities Catalog' and ordered federal entities to comply.

The development also occurs in the wake of Palo Alto Networks' discovery that threat actors begin looking for weak endpoints within 15 minutes following the public announcement of a new security defect in its 2022 Unit 42 Incident Response Report.



Recently Patched Confluence Vulnerability Abused in the Wild

 

A significant vulnerability in Confluence's team collaboration server software is on the edge of exploitation after the company released the patch a week ago. 

Threat actors were found abusing the major vulnerability tracked as CVE-2021-26084 which affects Confluence Server and Confluence Data Center software, which is often installed on Confluence self-hosted project management, wiki, and team communication platforms. 

The vulnerability is hidden in OGNL (Object-Graph Navigation Language), a basic scripting language for interfacing with Java code, which is the fundamental technology used to build most Confluence software. 

When Atlassian released the fix on August 25, the firm that owns the Confluence software family, stated the vulnerability could be used by threat actors to circumvent authentication and implant malicious OGNL instructions that allow attackers to take control of the system. 

As an outcome, the vulnerability received a severity rating of 9.8 out of 10, indicating that it could be exploited remotely over the internet and building a weaponized exploit would be relatively simple.

Exploitation begins a week after fixes are released

Attackers and professional bug bounty hunters are investigating Confluence systems for functionalities vulnerable to CVE-2021-26084 exploits, according to Vietnamese security researcher Tuan Anh Nguyen, who stated on Tuesday that widespread scans for Confluence servers are already ongoing. 

Soon after the issue was discovered in the open, two security researchers, Rahul Maini and Harsh Jaiswal released a detailed explanation of the flaw on GitHub, along with various proof-of-concept payloads. Maini explained the procedure of creating the CVE-2021-26084 attack as “relatively simpler than expected,” thus proving the bug's high severity level of 9.8. 

Confluence is a widely used team collaboration software among some of the world's top businesses, and the CVE-2021-26084 vulnerability is highly effective from a threat actor's standpoint, criminal gangs are anticipated to increase their assaults in the next few days. 

As Confluence flaws have previously been widely weaponized, a similar exploitation strategy is probable this time. 

Atlassian states that Confluence is used by over 60,000 clients, including Audi, Hubspot, NASA, LinkedIn, Twilio, and Docker, according to its website.