The Cyber Security News

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

November 7, 2023

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ.

Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware.

Both vulnerabilities are critical, allowing threat actors to create unauthorized Confluence administrator accounts and leading to data loss.

Atlassian, on November 6, updated its advisory to note that it observed “several active exploits and reports of threat actors using ransomware” and that it is revising the CVSS score of the flaw from 9.8 to 10.0, indicating maximum severity.

The escalation, the Australian company said, is due to the increase in the scope of the attack.

Attack chains involve mass exploitation of vulnerable internet-facing Atlassian Confluence servers to fetch a malicious payload hosted on a remote server, leading to the execution of the ransomware payload on the compromised server.

Data collected by GreyNoise shows that the exploitation attempts are originating from three different IP addresses located in France, Hong Kong, and Russia.

Meanwhile, Arctic Wolf Labs has disclosed that a severe remote code execution flaw impacting Apache ActiveMQ (CVE-2023-46604, CVSS score: 10.0) is being weaponized to deliver a Go-based remote access trojan named SparkRAT as well as a ransomware variant that shares similarities with TellYouThePass.

“Proof of exploitation of CVE-2023-46604 in the wild from an assortment of threat actors with differing targets demonstrates the need for rapid remediation of this vulnerability,” the cybersecurity company said.

Some parts of this article are sourced from:
thehackernews.com
