Hackers actively target Confluence flaws because it is a widely used collaboration and documentation platform, making it a valuable target for gaining unauthorized access to sensitive information or spreading malware.
Exploiting vulnerabilities in Confluence can lead to:-
These things make it an attractive target for cybercriminals and malicious actors. Cybersecurity researchers at Rapid 7 recently identified that hackers actively exploit the zero-day flaw to deploy ransomware.
Rapid7 MDR (Managed Detection and Response) detects Atlassian Confluence exploitation, including ransomware, targeting the following vulnerabilities that were disclosed in October 2023:-
On November 5, 2023, Rapid7 MDR began targeting Confluence Server exploitation. The process chain was similar across several contexts, indicating that assaults were likely to be prevalent.
Besides this, the POST requests in HTTP access logs were observed on both the following platforms:-
Following the first round of enumeration, the threat actors downloaded a malicious payload using Python Base64 instructions, which would have resulted in the deployment of Cerber ransomware.
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
Here below, we have mentioned all the fixed versions of Confluence:-
Atlassian Cloud users are safe from this issue; however, customers with vulnerable Confluence sites should update immediately and restrict external access for security.
If immediate updates are impossible, follow Atlassian’s interim measures for risk mitigation, but applying vendor patches is the best practice.
Here below, we have mentioned all the temporary mitigations:-
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.
A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick to…
A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using compromised…
North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign targeting…
In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global companies,…
Elastic Security Labs has uncovered a sophisticated cyber-espionage campaign, tracked as REF7707, targeting entities across…
NVIDIA has issued a critical security update to address a high-severity vulnerability discovered in the…