Security News

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber ransomware. Both vulnerabilities are critical, allowing threat actors to create unauthorized Confluence administrator accounts and lead to data loss.

Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as CVE-2023-22518, this bug received a 9.1/10 severity rating, and it affects all versions of Confluence Data Center and Confluence Server software.

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances' database, Greynoise is observing. "Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," Atlassian advised.

From Windows 9x to 11: Tracing Microsoft's security evolutionIn this Help Net Security interview, we feature security researcher Alex Ionescu, the co-author of Windows Internals, one of the founding employees of CrowdStrike, now running his consulting company, Winsider Seminars & Solutions, where he continues to do security research focusing on platform security. How human behavior research informs security strategiesIn this Help Net Security interview, Kai Roer, CEO at Praxis Security Labs, explores the theoretical underpinnings, practical implications, and the crucial role of human behavior in cybersecurity.

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper authorization vulnerability with a 9.1/10 severity rating affecting all versions of Confluence Data Center and Confluence Server software.

Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation. Described as an improper authorization vulnerability affecting all versions of Confluence Data Center and Confluence Server software, the bug is tracked as CVE-2023-22518 and puts publicly accessible instances at critical risk.

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as...

Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability that could lead to "Significant data loss if exploited by an unauthenticated attacker.""Versions outside of the support window may also be affected, so Atlassian recommends you upgrade to a fixed LTS version or later," the company said.

Atlassian has told customers they "Must take immediate action" to address a newly discovered flaw in its Confluence collaboration tool. An advisory issued on October 31st warns of CVE-2023-22518, described as an "Improper authorization vulnerability in Confluence Data Center and Server", the on-prem versions of Atlassian's products.

CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks. On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.