Security News > 2024 > April > Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
2024-04-17 10:57
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a
News URL
https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html
Related news
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- New Mallox ransomware Linux variant based on leaked Kryptina code (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices (source)
- That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-31 | CVE-2023-22518 | Incorrect Authorization vulnerability in Atlassian Confluence Data Center All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | 9.8 |