This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.
Related Posts
Bernard Brantley: Tomorrow is a new day. [CISO]
Bernard Brantley, CISO from Corelight, sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he has reached a point where he has the self-confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big dreams and aspirations he had as a child and turn them into something fruitful as an adult. Working his way up from the bottom, he is now sharing how he overcomes those days of adversity, saying “I spend minimum time trying to like spin my wheels or, kind of stay in frustration or a down period and, and really, uh, try as quickly as possible to move from, “hey, this was a tough day” to, to, into, “all right, uh, this was a tough day because maybe I didn’t commit enough time in this area, or maybe I could have had a bit better conversation with this person.” We thank Bernard for sharing his story with us.
The CyberWire
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks
Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.
BleepingComputer
Nation-state Hackers Exploiting Confluence Zero-day Vulnerability
Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515 in the wild since September 14, 2023.
CVE-2023-22515, a Confluence zero-day vulnerability, was publicly disclosed on October 4, 2023.
Atlassian is investigating reports from a few customers regarding the potential exploitation of an undisclosed vulnerability in publicly accessible Confluence Data Center and Server instances, allowing unauthorized access and the creation of administrator accounts.
Atlassian stated:
“Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.”
Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed on October 4, 2023. Storm-0062 is tracked by others as DarkShadow or Oro0lxy.
— Microsoft Threat Intelligence (@MsftSecIntel) October 10, 2023
According to Netlas, the vulnerability has been actively exploited in real-world scenarios.
CVE-2023-22515: Privilege Escalation in Atlassian Confluence Data&Server, 9.0 rating
0-day vuln, which is already exploited in the wild.
Search at https://t.co/hv7QKSqxTR:
Link: https://t.co/k7JMAv2BIH #cybersecurity #vulnerability_map pic.twitter.com/1R4GaDrel9
— Netlas.io (@Netlas_io) October 5, 2023
Flaw profile
CVE ID: CVE-2023-22515
Description: Broken Access Control Vulnerability in Confluence Data Center and Server
Advisory Release Date: Wed, Oct 4th, 2023 06:00 PDT
Related Jira Ticket(s): CONFSERVER-92475
Severity: Critical
CVSS Score: 10.00
IPs Detected
These four IP addresses were detected transmitting exploit traffic linked to CVE-2023-22515:
192.69.90[.]31
104.128.89[.]92
23.105.208[.]154
199.193.127[.]231
Atlassian rates this vulnerability as Critical, with a CVSS score of 10 under its severity levels, and recommends that users assess its applicability to their own IT environment.
Versions Affected & Fixed
The following Confluence Data Center and Confluence Server versions are affected:
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.1.0
8.1.1
8.1.3
8.1.4
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
The following Confluence Data Center and Confluence Server versions are fixed:
8.3.3 or later
8.4.3 or later
8.5.2 (Long-Term Support release) or later
The PT SWARM team stated that they were able to reproduce the issue.
We have reproduced CVE-2023-22515 in Atlassian Confluence.
Broken access control allows unauthenticated users to gain administrative access to the web application!
Update your software ASAP! pic.twitter.com/MlE4ygyf3E
— PT SWARM (@ptswarm) October 10, 2023
Recommendation
For publicly accessible Confluence Data Center and Server instances, temporarily restrict external access until the upgrade is complete.
If that’s not possible, apply interim protection by blocking access to the /setup/* endpoints at the network level or by adjusting the Confluence configuration files.
Then restart Confluence. This step restricts access to setup pages that Confluence does not need during normal operation.
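To check whether the interim /setup/* block is actually in effect, and whether any of the source IPs listed above have reached the instance, a web or reverse-proxy access log can be triaged as follows. This is an added example, not code from the article or from Atlassian; it assumes common/combined log format, and the `context_path` parameter, the sample log lines and the `placeholder.action` name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Source IPs listed in the article, stored defanged as published.
REPORTED_IPS = [ip.replace("[.]", ".") for ip in (
    "192.69.90[.]31", "104.128.89[.]92", "23.105.208[.]154", "199.193.127[.]231")]

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def normalized_path(target):
    """Canonicalise a request target so trivial variants of /setup/ still match."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = re.sub(r";[^/]*", "", path)        # drop ;name=value path parameters
    return re.sub(r"/+", "/", path).lower()   # collapse slashes; over-match on case

def triage(lines, context_path=""):
    """Flag requests to <context_path>/setup/* and requests from the reported IPs."""
    prefix = (context_path.rstrip("/") + "/setup/").lower()
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        path_hit = normalized_path(m["target"]).startswith(prefix)
        ip_hit = m["ip"] in REPORTED_IPS
        if path_hit and int(m["status"]) < 400:
            priority = "high"      # setup endpoint answered: block is not in effect
        elif path_hit:
            priority = "blocked"   # request was refused or failed (4xx/5xx)
        elif ip_hit:
            priority = "review"    # reported source touching other pages
        else:
            continue
        findings.append({"line": number, "ip": m["ip"], "method": m["method"],
                         "path_hit": path_hit, "ip_hit": ip_hit, "priority": priority})
    return findings

# Constructed log lines (not real traffic); placeholder.action is a made-up name.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:09:01:12 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Oct/2023:09:02:40 +0000] "GET /setup/placeholder.action HTTP/1.1" 403 199',
    REPORTED_IPS[0] + ' - - [10/Oct/2023:09:03:05 +0000] '
    '"POST //%53etup/placeholder.action;x=1 HTTP/1.1" 200 812',
    REPORTED_IPS[1] + ' - - [10/Oct/2023:09:04:11 +0000] "GET /login.action HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "high" finding after the block has been deployed means a request to a setup page was still answered, so the rule or configuration change should be rechecked before relying on it.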
The post Nation-state Hackers Exploiting Confluence Zero-day Vulnerability appeared first on Cyber Security News.
Cyber Security News