Subj : A critical security flaw in Atlassian Confluence is now being majorly exploited
To   : All
From : TechnologyDaily
Date : Tue Nov 07 2023 15:30:05

A critical security flaw in Atlassian Confluence is now being majorly exploited

Date: Tue, 07 Nov 2023 15:15:36 +0000
Description: Hackers are using a Confluence vulnerability to deploy ransomware, while others use it for lateral movement.

FULL STORY
======================================================================

The abuse of a critical vulnerability recently discovered in Atlassian's Confluence product is now widespread, according to multiple security researchers.

The vulnerability is tracked as CVE-2023-22518, an authentication bypass flaw affecting all versions of Confluence Data Center and Confluence Server. It carries a severity score of 9.1, and was initially thought to allow hackers to destroy sensitive data, but not steal it.

A week after Atlassian sounded the alarm, Glenn Thorpe, senior director of security research and detection engineering at security firm GreyNoise, said that he'd observed hackers going after Ukrainian targets. "This past Sunday, three different IP addresses were executing malicious commands on target endpoints." The attacks, he added, have since stopped.

C3RB3R and others

The DFIR Report, on the other hand, warned that a group under the name C3RB3R was using the flaw to somehow deliver ransomware to the targets. In other cases, hackers were using the vulnerability for lateral movement.

"As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment," the company said. "We have confirmed that at least some of the exploits are targeting CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server.

In multiple attack chains, Rapid7 observed post-exploitation command execution to download a malicious payload hosted at 193.43.72[.]11 and/or 193.176.179[.]41, which, if successful, led to single-system Cerber ransomware deployment on the exploited Confluence server."

Atlassian addressed the vulnerability and patched Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1. Users are advised to apply the fix immediately. If, for any reason, they can't do that, they should deploy mitigation measures, including backing up unpatched instances and blocking Internet access until they're upgraded.

"Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," the company said.

Via ArsTechnica

======================================================================
Link to news story: https://www.techradar.com/pro/security/a-critical-security-flaw-in-atlassian-confluence-is-now-being-majorly-exploited

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
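As an added example (not from the article, Atlassian or Rapid7), the following Python checks an installed Confluence Data Center/Server version string against the fixed releases the story lists (7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1), so an administrator can tell quickly whether an instance still needs the patch or the interim mitigations. It assumes that a release line with no listed fix (for example 8.0.x through 8.2.x) has no fixed build and must be upgraded, and that any release newer than 8.6.1 is patched; neither point is stated on the page.

```python
# Added example: compare a Confluence version against the fixed releases
# named in the article for CVE-2023-22518. Assumptions (not on the page):
# a release line without a listed fix has no fixed build and must be
# upgraded; any release newer than the highest listed fix is patched.
from typing import Dict, Tuple

FIXED_VERSIONS = ["7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1"]


def parse_version(s: str) -> Tuple[int, int, int]:
    """Turn '8.5.3' into (8, 5, 3); reject anything that is not major.minor.patch."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {s!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def fixed_by_line() -> Dict[Tuple[int, int], Tuple[int, int, int]]:
    """Map each major.minor release line to the fixed build in that line."""
    return {(f[0], f[1]): f for f in map(parse_version, FIXED_VERSIONS)}


def assess(version: str) -> Tuple[bool, str]:
    """Return (is_patched, advice) for an installed Confluence version."""
    installed = parse_version(version)
    fixes = fixed_by_line()
    newest_fix = max(fixes.values())
    line = installed[:2]
    if line in fixes:
        fix = fixes[line]
        fix_str = ".".join(map(str, fix))
        if installed[2] >= fix[2]:
            return True, f"{version} is at or above fixed release {fix_str}"
        return False, f"upgrade {version} to {fix_str} or later"
    if installed > newest_fix:
        # Assumption: releases after the newest listed fix carry the fix.
        return True, f"{version} is newer than {'.'.join(map(str, newest_fix))} (assumed patched)"
    # Older than the oldest fixed line, or a line with no listed fixed build.
    return False, (f"no fixed build listed for the {line[0]}.{line[1]}.x line; "
                   "upgrade to a fixed release, and restrict external access and "
                   "back up the instance until then")


if __name__ == "__main__":
    # Constructed sample versions, not real inventory data.
    for v in ["7.13.0", "7.19.16", "8.0.4", "8.5.2", "8.5.3", "8.7.0"]:
        patched, advice = assess(v)
        print(f"{v:>8}  {'PATCHED' if patched else 'VULNERABLE'}  {advice}")
```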