Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware
A recently disclosed critical remote code execution (RCE) vulnerability in Atlassian’s Confluence Server collaboration platform is now being actively exploited in a spate of attacks aimed at deploying a variety of malware, including ransomware. Researchers from Sophos have observed several attacks over the past two weeks in which attackers used automated exploits against vulnerable Confluence instances running on Windows and Linux servers. In at least two of the Windows-related incidents, adversaries exploited the Atlassian vulnerability to drop Cerber ransomware on the victim networks, the security vendor said in a report Thursday. Atlassian disclosed the vulnerability in Confluence Server (CVE-2022-26134) over Memorial Day weekend, after researchers from Volexity informed the company about the issue, which they discovered while investigating a breach at a customer location.