Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical Confluence flaw exploited in ransomware attacks

Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend threat actors started exploiting a recently disclosed vulnerability (CVE-2023-22518) in all versions of Atlassian Confluence Data Center and Confluence Server. Atlassian last week warned of the CVE-2023-22518 (CVSS score 9.1), the issue is an […]

Confluence flaw

Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server.

Over the weekend threat actors started exploiting a recently disclosed vulnerability (CVE-2023-22518) in all versions of Atlassian Confluence Data Center and Confluence Server.

Atlassian last week warned of the CVE-2023-22518 (CVSS score 9.1), the issue is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.

“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker.” reads the advisory.

At the time of the initial disclosure, Atlassian was not aware of attacks in the wild exploiting this vulnerability, however, the company urged customers to immediately take action to protect their installs.

The vulnerability was addressed with the release of the following versions:

  • 7.19.16 or later
  • 8.3.4 or later
  • 8.4.4 or later
  • 8.5.3 or later, and
  • 8.6.1 or later

Atlassian states that there is no impact on confidentiality as an attacker cannot exfiltrate any instance data. Confluence sites that are accessed via an atlassian.net domain are not impacted by this issue because are hosted by Atlassian.

On Friday, the software company updated its advisory again revealing that the vulnerability is under active exploitation.

“We received a customer report of an active exploit. Customers must take immediate action to protect their instances. If you already applied the patch, no further action is required.” states the advisory.

Over the weekend, threat intelligence firm GreyNoise observed exploitation attempts for the vulnerability CVE-2023-22518.

Confluence flaw

Rapid7 researchers observed the exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment.

“As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment,” reads the report published by Rapid7.

“In multiple attack chains, Rapid7 observed post-exploitation command execution to download a malicious payload hosted at 193.43.72[.]11 and/or 193.176.179[.]41, which, if successful, led to single-system Cerber ransomware deployment on the exploited Confluence server.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)