
Weekly Digest Week 44 – 2023

Publication date

06.11.2023

Featured Story

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in “significant data loss if exploited by an unauthenticated attacker.”

Tracked as CVE-2023-22518, the vulnerability was initially scored at 9.1 but has since been escalated to a maximum 10 on the CVSS scale due to reports of ransomware exploits in the wild. It is an improper authorization vulnerability affecting all versions of Confluence Data Center and Server.

The flaw is patched in versions: 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1. Atlassian advises customers to immediately patch or disconnect publicly accessible instances. Cloud versions are unaffected.

SOC Analysis:
While there was initially no active exploitation, that has changed. Atlassian has confirmed ongoing attacks using this vulnerability. If you have not already patched your Confluence instance, act now. Disconnect any internet-facing system and review Atlassian’s advisory for IOCs and mitigation.
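As an added example (not code from this digest or from Atlassian), a small Python triage helper that classifies Confluence Data Center/Server version strings against the fixed releases listed above, so an inventory can be checked in one pass; the fixed-version table is taken from the article, and reporting branches newer than 8.6 as "unknown" is an assumption made so they are verified against the advisory rather than presumed safe.

```python
# Added example: triage Confluence Data Center/Server version strings against the
# fixed releases named for CVE-2023-22518 (7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1).
# Assumption (labelled): branches newer than 8.6 are reported as "unknown" so the
# reader checks the vendor advisory instead of trusting this script for them.
import re

# Fixed release per maintenance branch, as listed in the article.
FIXED_BY_BRANCH = {
    (7, 19): (7, 19, 16),
    (8, 3): (8, 3, 4),
    (8, 4): (8, 4, 4),
    (8, 5): (8, 5, 3),
    (8, 6): (8, 6, 1),
}
NEWEST_FIXED_BRANCH = max(FIXED_BY_BRANCH)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse 'major.minor.patch'; trailing suffixes such as '-beta' are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for CVE-2023-22518."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        # Same branch as a fix release: patched only at or above that release.
        return "patched" if (major, minor, patch) >= FIXED_BY_BRANCH[branch] else "vulnerable"
    if branch < NEWEST_FIXED_BRANCH:
        # Older branch with no fix release listed (e.g. 8.0.x, 7.13.x): must upgrade.
        return "vulnerable"
    # Newer than anything the article names: assumption, verify with the advisory.
    return "unknown"


def triage(inventory):
    """Map host -> verdict for a dict of host -> version string."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"wiki-prod": "8.5.2", "wiki-dr": "8.5.3", "wiki-old": "7.13.0", "wiki-new": "8.7.0"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```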

Other Stories

Threat Actors Actively Exploit F5 BIG-IP Flaws CVE-2023-46747 and CVE-2023-46748

F5 has confirmed that CVE-2023-46747 (CVSS 9.8), a critical vulnerability affecting BIG-IP’s configuration utility, is being actively exploited. The flaw allows unauthenticated remote code execution via the management port or self IP addresses.

Attackers are chaining it with CVE-2023-46748 (CVSS 8.8) to execute system commands and gain access to critical infrastructure. F5 has published advisories for both flaws including indicators of compromise (IOCs).

SOC Analysis:
Mass exploitation of edge-facing infrastructure like BIG-IP poses major risk. Logging is crucial for threat hunting based on F5’s IOCs. If needed, Approach SOC can assist with detection and mitigation strategies.

StripedFly, A Complex Malware That Infected One Million Devices Without Being Noticed

Kaspersky researchers have discovered StripedFly, a modular cross-platform malware that evaded detection for five years while masquerading as a crypto miner. The malware includes elements linked to NSA tools and supports communication via TOR with GitHub/GitLab/Bitbucket integration.

It has infected over one million systems globally since 2017. Its true purpose remains unknown, raising concerns over nation-state-level espionage.

SOC Analysis:
Ensure all endpoints are protected with advanced EDR, not just antivirus. On devices where users hold admin rights, especially laptops, malware can persist and spread silently. Our SOC can support forensic reviews and provide hardening guidance.

Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has leveraged Dynamic Search Ads to trick users into downloading fake PyCharm installers laced with malware. Victims were redirected from a hacked wedding website to malicious files containing multiple malware strains.

Payloads included Amadey, Stealc, RedLine, Vidar, and PrivateLoader, resulting in total system compromise.

SOC Analysis:
This year has seen a surge in malicious Google Ads. Users must be trained to avoid clicking ads for software downloads. Our awareness team can help your staff spot and avoid these traps through targeted training sessions.

Okta Data Compromised Through Third-Party Vendor

Okta has suffered yet another breach, this time via third-party vendor Rightway Healthcare, exposing personal and healthcare data of ~5,000 employees. While customers are not affected, this comes amid several recent breaches involving Okta and its partners.

Security experts have criticized Okta’s internal decisions, including dismantling red and blue teams. The company’s response has left customers uneasy about its resilience.

SOC Analysis:
Organizations must treat IAM platforms like Okta as critical infrastructure. Implement layered defenses, enforce strict logging, and ensure you’re equipped to detect any misuse of credentials—regardless of the breach origin.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
