Attacker Abuses Victim Resources to Reap Rewards from Titan Network

October 30, 2024 at 03:44AM
Trend Micro researchers identified an attacker exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence to execute remote code for cryptomining via the Titan Network. The attacker performed reconnaissance, installed Titan binaries on compromised machines, and connected them to the Cassini Testnet, aiming for financial gain through delegated proof of stake rewards. …

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

August 30, 2024 at 05:13AM
Trend Micro researchers discovered an attack exploiting the CVE-2023-22527 vulnerability in older Atlassian Confluence versions, deploying an in-memory fileless backdoor called Godzilla webshell. The backdoor, developed by “BeichenDream,” evades detection with AES encryption and remains in-memory. The attack highlights the importance of regularly patching servers and using advanced security solutions. …

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

August 30, 2024 at 02:42AM
Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to …

Atlassian Confluence High-Severity Bug Allows Code Execution

June 3, 2024 at 05:09PM
SonicWall Capture Labs found a high-severity remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence. It enables threat actors to execute arbitrary code with network access and macro language privileges. SonicWall released signatures to protect customers and warned about the available exploit code. Users are urged to upgrade due to Confluence …

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

February 7, 2024 at 04:40AM
The blog entry discusses the critical Atlassian Confluence vulnerability CVE-2023-22527, which facilitates remote code execution. Update to Confluence version 8.5.4 or 8.5.5 to address the flaw. The vulnerability’s technical breakdown, exploitation scenarios, and available security solutions are detailed, underscoring the urgency for patching and utilizing security measures. The meeting notes …

Hackers start exploiting critical Atlassian Confluence RCE flaw

January 22, 2024 at 08:45AM
Security researchers detect exploitation attempts for the critical CVE-2023-22527 vulnerability affecting older Atlassian Confluence servers, potentially exposing them to remote code execution. Atlassian provides fixes for affected versions and reports multiple attempts to exploit the flaw, mainly from Russian IP addresses. Server administrators are advised to update to a secure …

Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE

January 16, 2024 at 01:10PM
A critical unauthenticated remote code execution (RCE) vulnerability affects Atlassian Confluence Data Center and Confluence Server versions released before Dec. 5 (CVE-2023-22527). The bug carries a 10/10 severity rating and affects versions 8.0.x to 8.5.3. Organizations should update to the latest versions to defend against potential cyber-attacks, as no mitigations …

Atlassian Patches Critical Remote Code Execution Vulnerabilities

December 7, 2023 at 05:36AM
Atlassian has issued critical patches for remote code execution vulnerabilities in Confluence and other products to address security flaws. Takeaways from Meeting: 1. Atlassian has issued patches for several critical-severity remote code execution vulnerabilities. 2. The vulnerabilities affect Confluence and several other Atlassian products. 3. Users are advised to apply …

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

November 10, 2023 at 05:23AM
Cerber ransomware has been exploiting the Atlassian Confluence vulnerability CVE-2023-22518. The vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, granting them full admin privileges. Cerber previously targeted Atlassian in 2021. The ransomware uses an encoded PowerShell command to download and execute a remote payload, encrypting …

Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable

November 7, 2023 at 01:55PM
Active cyberattacks targeting unpatched Atlassian Confluence Data Center and Server technology have increased the vulnerability’s CVSS score from 9.1 to 10, the most critical rating. All versions of Atlassian Confluence Data Center and Server are affected, except for cloud instances. The attacks exploit an improper authorization flaw, allowing unauthorized access …