Significant data compromise stemming from the potential exploitation of a critical vulnerability impacting all internet-exposed Atlassian Confluence Data Center and Server instances, has prompted Atlassian Chief Information Security Officer Bala Satriamurthy to urge immediate remediation of the flaw with recently issued patches, reports The Record, a news site by cybersecurity firm Recorded Future.
"There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances," said Satriamurthy in a note that accompanied Atlassian's advisory on the flaw.
Meanwhile, organizations that could not immediately patch impacted Confluence implementations have been urged to adopt network access restrictions until the fixes have been applied.
Such a flaw comes weeks after Atlassian issued an advisory noting that the same products were impacted by a critical zero-day bug, tracked as CVE-2023-22515, which has been actively exploited to facilitate unauthorized Confluence admin account creation and Confluence account access.
New variants of the QBot malware, also known as Qakbot, have emerged since mid-December despite having been disrupted in August, suggesting continuous testing by the malware developer, BleepingComputer reports.
More than $10 billion in fraud-related losses were reported by U.S. consumers for the first time in 2023, representing a 14% growth over 2022, even though the number of individuals who reported being targeted by fraud held steady at over 2.6 million, BleepingComputer reports.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news