The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) warned Atlassian Confluence server users to patch their endpoints immediately.
The warning was issued after new findings suggesting a recently discovered flaw – CVE-2023-22515 – is being actively exploited in low-complexity, highly damaging attacks that don’t require any victim interaction to be successful.
In a security advisory, the organizations said that hackers are using the flaw to gain access to systems and then continue active exploitation even post-patch. The flaw is deemed critical, with the three bodies expecting “widespread, continued exploitation due to ease of exploitation”.
Privilege escalation flaw
Besides applying the patch with utmost urgency, users are also encouraged to “hunt for malicious activity” on their networks using the detection signatures and indicators of compromise (IoC) published in the advisory. “If a potential compromise is detected, organizations should apply the incident response recommendations,” the advisory concludes.
The three organizations are referring to a vulnerability tracked as CVE-2023-22515, a critical privilege escalation flaw found in Confluence Data Center and Server 8.0.0. Instances.
Atlassian patched the flaw on October 4, urging users to immediately upgrade to versions that are not affected – 8.3.3 or later, 8.4.3 or later, 8.5.2 or later. Organizations that were unable to apply the patch immediately were advised to shut down the servers, or disconnect them from the global internet.
In the meantime, a Chinese state-sponsored threat actor Storm-0062 was observed abusing it in attacks, BleepingComputer reported. The attacks were seemingly very limited, Greynoise added, but with proofs-of-concept being on the way, that might soon change for the worse. The publication added that previous similar campaigns involved Linux botnet malware, crypto miners, and ransomware attacks, hinting at the size of the problem.
More from TechRadar Pro
- Cisco releases urgent patch for flaw that could let hackers access Emergency Response Systems
- Here’s a list of the best firewalls today
- These are the best malware removal tools right now
At TechRookies.com will strive to help turn Tech Rookies into Pros!
Want more articles click Here!
Deals on Homepage!
Subscribe to our newsletters. Here! On the homepage
Tech Rookies Music Here!
Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.
Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting Teachrookies.com
Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.