The zero-day vulnerability in Atlassian Confluence is being actively exploited by hackers

  • October 12, 2023

Hackers with ties to China are actively exploiting a newly discovered vulnerability in Atlassian Confluence. This gives them, among other things, access to company data.

Atlassian’s Confluence collaboration software is under attack by hackers, Microsoft has discovered. The attack is the work of Storm-0062, a group linked to the Chinese government. The attackers are exploiting a zero-day vulnerability in Atlassian Confluence that was only discovered earlier this month.

The vulnerability (CVE-2023-22515) has the maximum CVSS score of 10 and is therefore rated critical. It allows attackers to bypass authentication, create administrator accounts themselves, and from there change settings or even steal data. The vulnerability only affects local (on-premises) installations of Confluence, so if you use the cloud version, you don’t have to worry.

Patch available

It is unclear how large the impact of the attack is. Atlassian itself states that at least a handful of customers have already become victims. The company has already released a patch for the bug. Anyone who installed it quickly could escape the attack. In any case, it is important to deploy the patch as quickly as possible, as the impact of a breach is many times greater than any disruption caused by the patching process.

The attack highlights a trend: companies that run software on-premises are often at greater risk than companies that use the same software in the cloud. This has little to do with the cloud itself and more to do with the SaaS providers’ patching policies. They do not delay the installation of an update that closes a critical vulnerability, while administrators of on-premises infrastructure often underestimate the seriousness and urgency of such a patch. Attackers like Storm-0062 take advantage of this.

This is not the first time that attackers have targeted Atlassian. This summer, hackers exploited a scandalous flaw in the software. In a Gobelijn moment, Atlassian had combined best practices with worst practices and used a hard-coded password in its software, which of course was leaked.

Source: IT Daily
