A important vulnerability in Atlassian’s Confluence enterprise server app that enables for malicious instructions and reset servers is underneath energetic exploitation by menace actors in assaults that set up ransomware, researchers mentioned.
“Widespread exploitation of the CVE-2023-22518 authentication bypass vulnerability in Atlassian Confluence Server has begun, posing a threat of great knowledge loss,” Glenn Thorpe, senior director of safety analysis and detection engineering at safety agency GreyNoise, wrote on Mastodon on Sunday. “To date, the attacking IPs all embrace Ukraine of their goal.”
He pointed to a web page displaying that between 12 am and eight am on Sunday UTC (round 5 pm Saturday to 1 am Sunday Pacific Time), three completely different IP addresses started exploiting the important vulnerability, which permits attackers to revive a database and execute malicious instructions. The IPs have since stopped these assaults, however he mentioned he suspected the exploits are persevering with.
Learn 11 remaining paragraphs | Feedback