Threat actors are exploiting unpatched Atlassian Confluence Data Center and Server instances through CVE-2023-22518 to deploy Cerber ransomware. The critical vulnerability lets an unauthenticated attacker reset the Confluence instance and create an administrator account, giving full control of the affected system and compromising confidentiality, integrity and availability. Financially motivated cybercrime groups then use that admin account to install the Effluence web shell plugin, which gives them arbitrary command execution on the host.

The primary payload is a C++ loader that fetches further C++ malware from a command-and-control server and erases its own presence once it has run. Among the fetched files are "agttydck.bat", which appears to be a permission checker, and "agttydcb.bat", the encryptor, which encrypts files with a .L0CK3D extension and drops ransom notes. Although the note claims data was stolen, no exfiltration actually takes place. The use of pure C++ payloads is notable given the trend toward cross-platform languages such as Golang and Rust. Cerber does land on high-value systems, but its encryption typically reaches only Confluence data, since the web shell runs with the privileges of the Confluence service account rather than root. The emergence of new ransomware families targeting Windows and VMware ESXi servers, together with the leaked LockBit ransomware source code, underlines the need for robust security measures and security awareness among employees.
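A quick triage sweep for the indicators this item names, as an added example that is not code from the article, from Atlassian or from any vendor report. It walks a directory tree and flags the three on-page artefacts: files carrying the .L0CK3D extension the encryptor appends, the payload filenames "agttydck.bat" and "agttydcb.bat", and a plugin bundle whose name contains "effluence". The plugin filename pattern, the sample directory layout and the verdict labels are assumptions made for the demo; point `sweep()` at the real Confluence home and installation directories on a suspect host.

```python
"""IOC sweep for the Cerber/Confluence campaign above (added illustration).

Indicators come from the article: the .L0CK3D extension, the two payload
filenames and the Effluence web-shell plugin. The plugin filename pattern
and the constructed sample tree are assumptions for the demo.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".L0CK3D"                          # extension the encryptor appends
PAYLOAD_NAMES = {"agttydck.bat", "agttydcb.bat"}   # payload names reported in the article
PLUGIN_HINT = "effluence"                          # assumption: plugin bundle carries this name


def sweep(root: str) -> dict:
    """Walk `root` and return indicator hits grouped by type (sorted paths)."""
    hits = {"encrypted": [], "payloads": [], "plugins": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = str(Path(dirpath, name))
            lower = name.lower()
            if name.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            if lower in PAYLOAD_NAMES:
                hits["payloads"].append(path)
            # Confluence plugins ship as OSGi bundles (.jar/.obr); match the name hint only.
            if PLUGIN_HINT in lower and lower.endswith((".jar", ".obr")):
                hits["plugins"].append(path)
    for key in hits:
        hits[key].sort()
    return hits


def verdict(hits: dict) -> str:
    """Map hits to a triage verdict (labels are an assumption for the demo).

    Encrypted files mean the encryptor already ran; a payload or plugin with no
    encrypted files means only the foothold stage (web shell / loader) is present.
    """
    if hits["encrypted"]:
        return "encrypted"
    if hits["payloads"] or hits["plugins"]:
        return "foothold"
    return "clean"


def build_sample_tree() -> str:
    """Constructed sample layout for the demo, not taken from a real host."""
    root = tempfile.mkdtemp(prefix="confluence-demo-")
    layout = {
        "confluence-home/attachments/ver003/1/2/page.pdf.L0CK3D": b"",
        "confluence-home/plugins-osgi-cache/felix/bundles/effluence-1.0.jar": b"",
        "tmp/agttydcb.bat": b"",
        "confluence-home/logs/atlassian-confluence.log": b"ok\n",
    }
    for rel, data in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    found = sweep(build_sample_tree())
    print(verdict(found))
    for kind, paths in found.items():
        for p in paths:
            print(f"{kind}: {p}")
```

The sweep is deliberately filename-based so it runs on a host where the encryptor may have already removed the loader; a "foothold" verdict with no encrypted files is the window in which removing the plugin and rotating admin credentials still prevents the encryption stage.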
US healthcare giant Kaiser Permanente has disclosed a data breach affecting 13.4 million current and former patients, exposing their personal information to third-party advertisers...
A critical security vulnerability has been discovered in the R programming language, marked as CVE-2024-27322 with a CVSS score of 8.8. This flaw, akin to the pickle vulnerability ...
Google revealed that in 2023, nearly 200,000 app submissions to its Play Store for Android were either rejected or remediated due to issues with access to sensitive data such as lo...