iTnews Asia
  • Home
  • News
  • Security

Confluence vulnerabilities under active ransomware exploitation

Confluence vulnerabilities under active ransomware exploitation

Patch immediately.

By Richard Chirgwin on Nov 8, 2023 10:24AM

The Atlassian Confluence Data Centre and Server vulnerability first disclosed last week is under active exploitation.

Security company Rapid7 said it has seen attackers exploiting improper authorisation vulnerability designated CVE-2023-22518.

Rapid7 said an execution chain that is “consistent across multiple environments” indicates “possible mass exploitation of vulnerable internet-facing Atlassian Confluence servers”.

If an attack is successful, Rapid7’s post said, the Cerber ransomware is installed on the exploited Confluence server.

Atlassian’s updated advisory said it had received at least one customer exploitation report, and that it had upgraded the CVSS score for this vulnerability from 9.1 to 10.

Dr Johannes Ullrich of the SANS Institute wrote that the institute has seen traffic trying to attack the Confluence URLs identified in Atlassian’s advisory, along with this URL: “/rest/api/user?username=”.

He wrote that the institute has spotted an IP address, 206.189.179.132, which is a known attacker: “no stranger to our logs”.

Other attacker IPs in the SANS Institute’s logs include 103.207.14.235 and 103.207.14.196 from India, 104.238.130.6 from the US, and 99.245.96.12 from Canada.

Rapid7 identified three other IPs: 193.176.179.41, 193.43.72.11, and 45.145.6.112.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
atlassian confluence security

Related Articles

  • How can the Agentic AI workspace remain secure for APAC organisations?
  • AI-fuelled attacks forcing enterprises to rethink security architecture
  • Malicious AI agents can severely disrupt APAC enterprises
  • A data-first AI strategy is critical to managing security threats in 2026
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

How can the Agentic AI workspace remain secure for APAC organisations?

How can the Agentic AI workspace remain secure for APAC organisations?

AI-fuelled attacks forcing enterprises to rethink security architecture

AI-fuelled attacks forcing enterprises to rethink security architecture

Malicious AI agents can severely disrupt APAC enterprises

Malicious AI agents can severely disrupt APAC enterprises

How severe will ransomware attacks become in 2026?

How severe will ransomware attacks become in 2026?

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.