Atlassian Flaw
-
Hacker News ☛ Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware.
The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account.
Armed with this access, a threat actor could take over affected systems, leading to a full loss of confidentiality, integrity, and availability.
-
Cerber Linux Ransomware Exploits Atlassian Servers
Security researchers at Cado Security Labs have uncovered a new variant of the Cerber ransomware targeting Linux systems.
This strain of the notorious malware has been observed exploiting a recent vulnerability in the Atlassian Confluence application to gain a foothold on targeted servers.
-
CyberRisk Alliance LLC ☛ Atlassian Confluence Linux instances targeted with Cerber ransomware
A critical vulnerability in Atlassian Confluence Data Center and Server was used to deploy a Linux variant of Cerber ransomware, researchers revealed Wednesday.
Attackers exploited the improper authorization vulnerability tracked as CVE-2023-22518, which was first patched on Oct. 31, 2023, to drop an Effluence web shell plugin that ultimately enabled the execution of Cerber, researchers from Cado Security Labs reported in a blog post.
CVE-2023-22518 was initially assigned a CVSS score of 9.1, but escalated to a maximum severity of 10 by Atlassian following active exploitation of the bug in the week after its disclosure.
-
Security Affairs ☛ Linux variant of Cerber ransomware targets Atlassian servers
The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.
Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. The experts pointed out that there is very little knowledge about the Linux variant of the ransomware family.
Cerber has been active since at least 2016; most recently it was involved in attacks against Confluence servers.
The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. UPX is a widely used packer among threat actors, enabling the storage of encoded program code within the binary. At runtime, the code is extracted in memory and executed, a process known as “unpacking,” to evade detection by security software.
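As an added example, not code from the article, from Cado Security Labs, or from the Cerber samples: a small Python triage script that checks a file image for the indicators the excerpt describes (ELF magic, 64-bit class, the "UPX!" marker and info string that UPX writes into its stub) and falls back to whole-file entropy, since packed payloads are high-entropy even when the UPX headers have been tampered with. The sample bytes, the entropy threshold and the function names are constructed for illustration and are assumptions, not data from the page.

```python
"""Heuristic triage for UPX-packed 64-bit ELF samples (added example).

Not Cado Security Labs' tooling and not Cerber code. Checks the ELF magic,
the EI_CLASS byte, the "UPX!" marker and the UPX info string, and uses
Shannon entropy as a fallback because attackers frequently corrupt UPX
headers so that `upx -d` fails while the payload is still compressed.
All sample bytes below are constructed inline (assumption: not real samples).
"""
import math
from collections import Counter

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"
UPX_INFO = b"$Info: This file is packed with the UPX executable packer"
ENTROPY_SUSPICIOUS = 7.0  # bits per byte; chosen threshold, an assumption


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for a constant byte stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_elf(data: bytes) -> dict:
    """Return packing indicators and a verdict for one file image."""
    is_elf = data[:4] == ELF_MAGIC
    is_64bit = is_elf and len(data) > 4 and data[4] == 2  # EI_CLASS: 2 = ELFCLASS64
    has_magic = UPX_MAGIC in data
    has_info = UPX_INFO in data
    entropy = shannon_entropy(data)
    if not is_elf:
        verdict = "not-elf"
    elif has_magic or has_info:
        verdict = "upx-packed"
    elif entropy >= ENTROPY_SUSPICIOUS:
        # Signature stripped, or a different packer/crypter: still worth unpacking
        verdict = "suspicious-entropy"
    else:
        verdict = "not-packed"
    return {
        "is_elf": is_elf,
        "is_64bit": is_64bit,
        "has_upx_magic": has_magic,
        "has_upx_info": has_info,
        "entropy": entropy,
        "verdict": verdict,
    }


def build_sample(packed: bool, keep_signature: bool = True) -> bytes:
    """Constructed stand-in for a 64-bit ELF: plain, UPX-like, or UPX-like with markers removed."""
    # e_ident: magic, ELFCLASS64, little-endian, version 1, SYSV ABI, padding
    header = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    if not packed:
        return header + b"\x00" * 1024 + b"A" * 1024  # low-entropy body
    body = bytes(range(256)) * 8  # uniform byte distribution: entropy 8.0 on this region
    stub = (UPX_MAGIC + UPX_INFO + b" $\n") if keep_signature else b""
    return header + stub + body


if __name__ == "__main__":
    samples = [
        ("plain", build_sample(False)),
        ("packed", build_sample(True)),
        ("stripped", build_sample(True, keep_signature=False)),
    ]
    for name, sample in samples:
        r = inspect_elf(sample)
        print(f"{name}: verdict={r['verdict']} entropy={r['entropy']:.2f} 64bit={r['is_64bit']}")
```

Treat a "upx-packed" or "suspicious-entropy" verdict as a cue to unpack before static analysis: `upx -t FILE` and `upx -d FILE` work on an unmodified UPX stub, while a sample with damaged UPX headers has to be dumped from memory after it unpacks itself, which is the behaviour the excerpt describes.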