Security News > 2023 > October > CISA, FBI urge admins to patch Atlassian Confluence immediately
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.
One week after CISA added the bug to its list of known exploited vulnerabilities, Microsoft revealed that a Chinese-backed threat group tracked as Storm-0062 has been exploiting the flaw as a zero-day since at least September 14, 2023.
Last year, CISA ordered federal agencies to address another critical Confluence vulnerability exploited in the wild.
Microsoft: State hackers exploiting Confluence zero-day since September.
Atlassian patches critical Confluence zero-day exploited in attacks.
News URL
Related news
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA, FBI Issue Guidance for Securing Communications Infrastructure (source)
- CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign (source)