A Critical Security Flaw In Atlassian Confluence Is Now Being Majorly Exploited

[ad_1]

The abuse of a critical vulnerability recently discovered in Atlassian’s Confluence product is now “widespread”, according to multiple security researchers.

The vulnerability is tracked as CVE-2023-22518, an authentication bypass flaw affecting all versions of Confluence Data Center and Confluence Server. It carries a severity score of 9.1, and was initially thought to allow hackers to destroy sensitive data, but not steal it.

A week after Atlassian sounded the alarm, Glenn Thorpe, senior director of security research and detection engineering at security firm GreyNoise, said that he’d observed hackers going after Ukrainian targets. This past Sunday, three different IP addresses were executing malicious commands on target endpoints. The attacks, he added, have since stopped.

C3RB3R and others

Table of Contents

The DFIR Report, on the other hand, warned that a group under the name C3RB3R was using the flaw to somehow deliver ransomware to the targets. In other cases, hackers were using the vulnerability for lateral movement.

“As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment,” the company said.“We have confirmed that at least some of the exploits are targeting CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server.”

“In multiple attack chains, Rapid7 observed post-exploitation command execution to download a malicious payload hosted at 193.43.72[.]11 and/or 193.176.179[.]41, which, if successful, led to single-system Cerber ransomware deployment on the exploited Confluence server.”

Atlassian addressed the vulnerability and patched Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

Users are advised to apply the fix immediately. If, for any reason, they can’t do that, they should deploy mitigation measures, including backing up unpatched instances and blocking Internet access until they’re upgraded.

“Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch,” the company said.

Via ArsTechnica

More from TechRadar Pro

[ad_2]
#critical #security #flaw #Atlassian #Confluence #majorly #exploited

A critical security flaw in Atlassian Confluence is now being majorly exploited

Leave a Comment Cancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

Beat the blackout: A citizen`s guide to load management as extreme heatwaves overload India`s power transformers

Calcutta HC orders fresh CBI SIT probe into RG Kar rape case `cover-up` claims

Forget just water: The AYUSH guide to `electrolyte-rich`, cooling and hydrating foods for 45°C summer

IMD heatwave alert: 45°C temperature to grip north and east India for next 7 days

Punjab govt`s Sehat Yojana saves woman in critical diabetic emergency

2019 Pulwama terror attack mastermind Hamza Burhan killed by unknown gunmen in PoK

`Cockroaches don`t die!`: Viral Cockroach Janta Party launches defiant new handle after original account withheld by X

Essel Group will remain dedicated to nation for next 100 years, says Dr. Subhash Chandra on 100th Anniversary of Essel Group

Ebola outbreak scare: Delhi airport issues urgent travel advisory; India-Africa summit postponed

Jagan Mohan Reddy accuses CM Chandrababu Naidu of misleading people over Amaravati

Welcome

Categorys

Site Links