Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek.

Attempts to exploit a critical Atlassian Confluence vulnerability tracked as CVE-2023-22527 started just days after the existence of the flaw came to light.

An advisory published by Atlassian on January 16 informed customers that out-of-date versions of Confluence Data Center and Server are affected by a critical security hole that allows an unauthenticated attacker to achieve remote code execution. 

The company noted that Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5, which no longer receives backported patches, are impacted. 

On Monday, January 22, the non-profit cybersecurity organization The Shadowserver Foundation reported seeing attempts to exploit CVE-2023-22527.

Shadowserver has seen close to 40,000 exploitation attempts coming from roughly 600 unique IP addresses. The activity is mostly “testing callback attempts and ‘whoami’ execution”, which suggests that malicious actors are looking for vulnerable servers that they can compromise and abuse to gain access to victims’ networks. 

The organization pointed out that there are currently 11,000 Confluence instances exposed to the internet, but it’s unclear how many of them are actually vulnerable to attacks exploiting CVE-2023-22527.

The DFIR Report has also seen exploitation attempts for CVE-2023-22527. The company warned about the attacks on January 21. 

Petrus Viet, the researcher who reported the flaw to Atlassian, has confirmed that it cannot be exploited against the latest versions of Confluence. 

Technical details for the vulnerability were made public on Monday by ProjectDiscovery.

It’s not uncommon for threat actors to target Confluence vulnerabilities. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes eight Confluence flaws — CVE-2023-22527 has yet to be added.
