Securin's Weekly Threat Intelligence
Published: 2022-06-27 (last modified 2023-04-05)
https://webdev.securin.xyz/articles/securins-weekly-threat-intelligence/
The CSW weekly threat intelligence edition brings you early warnings about critical vulnerabilities that could be weaponized and endanger your organization and its assets.

This week's headlines:

- Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
- BlackCat ransomware targets Microsoft Exchange servers
- New Hertzbleed: a side-channel vulnerability affecting Intel and AMD CPUs
- Critical Citrix bugs impact all ADM servers and agents
- CISA adds Follina to its Known Exploited Vulnerabilities Catalog

Confluence Servers Hacked to Deploy AvosLocker, Cerber2021 Ransomware

Ransomware groups are exploiting an already patched RCE vulnerability in Atlassian Confluence Server and Data Center. In addition, several new botnets are actively abusing it for initial access to target networks. A week ago, attackers leveraged this vulnerability, CVE-2022-26134, to install web shells and achieve remote code execution.

Threat Associated CVEs: CVE-2022-26134
CVSS Score: 9.8
Vendor & Product: Confluence Server 7.18.0 version and Confluence Server and Data Center 7.4.0 and higher
Exploit Type: RCE vulnerability
CWE: CWE-74
Ransomware Associations: Cerber, AvosLocker
APT Groups: NA
Malware: Linux botnets
Early Warning: Our AI and ML models have given this vulnerability a Maximum rating, indicating a high risk of exploitation by attackers.

BlackCat Ransomware Targets Microsoft Exchange Servers

Microsoft warns that one cybercrime gang exploited an unpatched Exchange server to deploy the notorious BlackCat/ALPHV ransomware on a target organization. BlackCat affiliates reportedly used Exchange server vulnerability CVE-2021-31207 to gain access to the server and install a web shell for remote access. While Microsoft did not name the Exchange vulnerability used for initial access, it links to a security advisory from March 2021 with guidance on investigating and mitigating ProxyLogon attacks.

Considering this, organizations should patch the BlackCat-associated CVEs listed below, including the ProxyLogon vulnerabilities.

Threat Associated CVEs: CVE-2016-0099, CVE-2019-7481, CVE-2021-31207, and CVE-2021-26855
Early Warning: Unusual hacker chat discussions about this vulnerability have increased its exploitability rating.