A Deep Dive Into Three Popular CVE-2019-3396 PoCs Used in Confluence Attacks

When a new CVE comes out, there is a dilemma between releasing and not releasing proofs of concept (PoCs). This dilemma is exacerbated by the potential impact of the vulnerability. Nothing illustrates this more than the anticipation surrounding BlueKeep, a vulnerability that could have major impacts if exploited to achieve RCE. To date, there have been […]

4 Ways Lacework Detects Confluence Attacks

Last week we blogged about attacks exploiting a Confluence vulnerability (CVE-2019-3396). You may be wondering how Lacework detects these attacks. In this blog, we answer that question! If you recall, CVE-2019-3396 is an unauthenticated remote code execution (RCE) vulnerability. It’s exploited with a specially crafted HTTP POST request to a vulnerable Confluence Server. In the […]

An Unauthenticated RCE Gold Rush: A Look at Attacks Exploiting Confluence CVE-2019-3396

The recent Confluence vulnerability (CVE-2019-3396) created a gold rush for threat actors. Attackers are exploiting it for cryptojacking, DDoS attacks, and ransomware. We observed some of these attacks in the wild and via our honeypots. In this blog, we will share interesting details from the attacks.

CVE-2019-3396

On March 20th, 2019, the vulnerability was announced […]
