Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable

November 7, 2023 at 01:55PM

Active cyberattacks targeting unpatched Atlassian Confluence Data Center and Server technology have prompted an increase in the vulnerability’s CVSS score from 9.1 to 10, the most critical rating. All versions of Atlassian Confluence Data Center and Server are affected; cloud instances are not. The attacks exploit an improper authorization flaw that allows unauthorized access and control, potentially leading to data loss and compromised confidentiality and integrity. Security teams are advised to monitor for signs of attack, such as login issues, requests to /json/setup-restore* in access logs, unknown plugins, encrypted files, and unexpected user accounts.

Key points:

1. There has been a significant increase in ransomware and cyberattacks targeting unpatched Atlassian Confluence Data Center and Server technology.
2. The CVSS score of the related vulnerability has been raised from 9.1 to the most critical rating of 10.
3. All versions of Atlassian Confluence Data Center and Server are affected, but cloud instances are not.
4. The improper authorization flaw (tracked under CVE-2023-22518) has seen an increase in active exploits, including ransomware attacks.
5. Research firm Rapid7 has also issued a warning about the escalating attacks.
6. Atlassian, an Australian company, develops software development and collaboration tools.
7. The improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create an administrator account, leading to a complete loss of confidentiality, integrity, and availability.
8. The vulnerability was first disclosed on October 31 and was observed under active exploit by November 3.
9. Atlassian is currently unable to confirm which customer instances have been affected by the active attacks.
10. Security teams are advised to watch out for signs such as loss of login or access, requests to /json/setup-restore* in network access logs, installed unknown plugins (specifically a plugin called “web.shell.Plugin”), encrypted files or corrupted data, unexpected members in the confluence-administrators group, and unexpected newly created user accounts.
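
One way to check for the /json/setup-restore* indicator from item 10, as an added example (not code from Atlassian or the original article): a Python scan over access-log lines. It assumes Common/Combined Log Format; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: logs use Common/Combined Log Format; adjust LINE_RE if your
# Tomcat or reverse-proxy access-log pattern differs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
INDICATOR = "/json/setup-restore"  # path prefix named in item 10

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Nov/2023:10:12:01 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '203.0.113.10 - - [03/Nov/2023:10:14:44 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 312',
    '203.0.113.10 - - [03/Nov/2023:10:14:45 +0000] "POST /wiki/json/setup-restore-progress.action?taskId=1 HTTP/1.1" 200 98',
    '203.0.113.22 - - [03/Nov/2023:11:02:09 +0000] "POST /JSON/%73etup-restore-local.action;x=1 HTTP/1.1" 403 0',
    '198.51.100.7 - - [03/Nov/2023:11:05:30 +0000] "GET /json/startheartbeatactivity.action HTTP/1.1" 200 20',
]


def normalize_path(target):
    """Decode the request target and return a lower-cased path without query."""
    path = unquote(target.split("?", 1)[0])
    # Drop ;path-parameters per segment, then collapse repeated slashes.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    return re.sub(r"/{2,}", "/", path).lower()


def find_setup_restore_hits(lines):
    """Return one dict per log line whose path contains the indicator."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = normalize_path(m["target"])
        if INDICATOR in path:  # substring match also covers a context path
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "path": path, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_setup_restore_hits(SAMPLE_LOG):
        print(hit)
```

Any hit on an instance that is already set up warrants following up on the other signs in item 10, starting with the confluence-administrators group and recently created accounts.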
