November 6, 2023 at 07:42AM GreyNoise has issued a warning about the first attempts to exploit a recent vulnerability in Atlassian Confluence Data Center and Confluence Server. The critical security flaw, CVE-2023-22518, could lead to significant data loss and affects all Confluence versions. Atlassian has released patches for the vulnerability, but has also warned that … Read more
November 4, 2023 at 12:30PM An Apache ActiveMQ vulnerability, CVE-2023-46604, was exploited maliciously prior to patch releases, according to Huntress. Thousands of vulnerable internet-exposed instances are still at risk. Evidence suggests the exploitation began as a zero-day on October 10, with attackers attempting to deliver HelloKitty ransomware. Users are urged to update ActiveMQ to versions … Read more
October 31, 2023 at 02:06PM Australian software company Atlassian has issued a warning to admins to patch their Internet-exposed Confluence instances due to a critical security flaw. The vulnerability, tracked as CVE-2023-22518, could lead to data loss. While it doesn’t impact confidentiality or allow for data exfiltration, it is necessary to take immediate action to … Read more
October 31, 2023 at 08:18AM Atlassian has discovered a critical security flaw in Confluence Data Center and Server that could lead to significant data loss. The vulnerability is rated 9.1 out of 10 in severity and affects all versions of Confluence. Atlassian recommends applying the necessary patches and disconnecting public internet access to vulnerable instances. … Read more
October 27, 2023 at 11:17AM A critical vulnerability, CVE-2023-46747, has been discovered in the F5 BIG-IP configuration utility. It allows unauthenticated remote code execution by attackers with remote access to the utility. The vulnerability has a CVSS v3.1 score of 9.8. Devices with the Traffic Management User Interface exposed to the internet are at risk. … Read more
October 18, 2023 at 01:48PM Google’s Threat Analysis Group has found that government-backed hacking groups from Russia and China are still using a security flaw in the WinRAR file archiving utility, despite patches being released three months ago. The vulnerability, which allows attackers to execute code, has been known since at least April and is … Read more