Ransomware Groups Are Exploiting Flaws in Atlassian Confluence, Apache ActiveMQ
Kinsing malware ops exploit cloud environments, QNAP Systems patch critical flaws, Attackers wipe out Monero crowdfunding wallet, Singapore casino hack exposes 650k rewards members, much more
Multiple ransomware groups have begun actively exploiting recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ.
Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged to deploy Cerber (aka C3RB3R) ransomware.
Both vulnerabilities are rated critical; they allow threat actors to create unauthorized Confluence administrator accounts and can lead to data loss.
Atlassian reported that it observed "several active exploits and reports of threat actors using ransomware" and is revising the CVSS score of the flaw from 9.8 to 10.0, indicating maximum severity. The escalation is due to the change in the scope of the attack. Data gathered by GreyNoise shows that the exploitation attempts are originating from three different IP addresses located in France, Hong Kong, and Russia.
Separately, Arctic Wolf Labs and Huntress have disclosed that a severe remot…