Grafana Under Large-Scale Attack: Urgent Update Needed
Grafana is currently under a large-scale coordinated attack, with over 110 unique malicious IPs attempting to exploit a path traversal flaw (CVE-2021-43798) since September 28. The attacks aim to harvest sensitive configuration and credential files from unpatched instances.
The majority of attacks originated from Bangladesh, with the U.S. being the primary target. Attackers used disposable infrastructure, with most IPs first observed on the day of the attack. The payloads followed a classic traversal pattern to reveal credentials or sensitive settings.
Grafana Labs, the developer and operator of Grafana, has been coordinating security measures against this vulnerability with various international and national authorities, including the US-CERT, BSI, CERT-Bund, ENISA, and other national CERTs. They have also been working with industry initiatives like FIRST and specific IT security companies to provide updates and mitigate the issue.
Mitigations include updating Grafana to the latest secure release, inspecting web server logs, and blocking malicious IPs.
The exploitation of older, high-impact flaws like CVE-2021-43798 remains prevalent. Grafana users are urged to update their systems immediately to protect against further attacks. The coordinated effort by Grafana Labs and various authorities demonstrates the importance of international cooperation in cybersecurity.
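The log inspection listed among the mitigations can be scripted. The following is an added example, not code from Grafana Labs or from this article: it scans access-log lines for dot-dot segments under the plugin asset route, including percent-encoded and double-encoded forms. It assumes combined log format and the `/public/plugins/` route named in Grafana's public advisory for CVE-2021-43798; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format assumed: ip - - [time] "METHOD path PROTO" status size
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# Route affected by CVE-2021-43798 per Grafana's advisory (not stated in the article).
PLUGIN_PREFIX = "/public/plugins/"

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /public/plugins/sampleplugin/../../../tmp/constructed.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2000:10:00:02 +0000] "GET /public/plugins/sampleplugin/%2e%2e/%2e%2e/tmp/constructed.txt HTTP/1.1" 404 19',
    '198.51.100.7 - - [01/Jan/2000:10:00:03 +0000] "GET /public/plugins/sampleplugin/%252e%252e%252ftmp%252fconstructed.txt HTTP/1.1" 400 0',
    '203.0.113.5 - - [01/Jan/2000:10:00:04 +0000] "GET /public/plugins/sampleplugin/img/logo.svg HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Jan/2000:10:00:05 +0000] "GET /api/health HTTP/1.1" 200 71',
]

def is_traversal(path):
    """True if the path is under the plugin route and holds a dot-dot segment,
    checked raw and after one and two rounds of percent-decoding."""
    decoded = path.split("?", 1)[0]
    for _ in range(3):
        norm = decoded.replace("\\", "/").lower()
        if norm.startswith(PLUGIN_PREFIX) and "/../" in norm + "/":
            return True
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return False

def scan(lines):
    """Return {source_ip: [(status, path), ...]} for traversal attempts."""
    hits = {}
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group(2)):
            hits.setdefault(m.group(1), []).append((int(m.group(3)), m.group(2)))
    return hits

def successful(hits):
    """Source IPs that got a 200 on a traversal request (possible file disclosure)."""
    return sorted(ip for ip, reqs in hits.items() if any(s == 200 for s, _ in reqs))

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, len(reqs), "attempt(s)")
    print("review for disclosure:", successful(found))
```

A 200 response on a matching request means file contents may have been returned, so those instances warrant credential review in addition to patching.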