(GENERAL-23-111) Alert: Educational Institutions at Risk Due to Improper Authorization Vulnerability in Confluence Data Center and Server

Author: Federal Student Aid
Electronic Announcement ID: GENERAL-23-111
Subject: Alert: Educational Institutions at Risk Due to Improper Authorization Vulnerability in Confluence Data Center and Server

Threat actors are actively exploiting Atlassian’s Improper Authorization Vulnerability in Confluence Data Center and Server (CVE-2023-22518). This vulnerability allows an unauthorized attacker to reset Confluence and establish a new administrator account. The C3RB3R (Cerber) Ransomware group, operating a Ransomware-as-a-Service (RaaS) model, is actively involved in exploiting these vulnerabilities. Cerber has payloads designed for both Linux and Windows, with a particular focus on targeting the education sector.

Note: This new vulnerability is different from CVE-2023-22515 (“Research Institutions Targeted by Atlassian Confluence Data Center and Server Vulnerability”), for which we posted an Electronic Announcement on Oct. 26, 2023, and which still requires attention.

Atlassian escalated CVE-2023-22518 to the highest critical rating after observing several active exploits and receiving reports of threat actors using ransomware.

Action Required

  1. Immediately patch to a fixed version listed on the CVE-2023-22518 advisory page.

  2. Conduct comprehensive threat detection to identify any potential breaches or unauthorized access.

All versions of Confluence Data Center and Server are affected by this vulnerability. Publicly accessible Confluence Data Center and Server versions listed on the CVE-2023-22518 advisory page are at critical risk and require immediate attention. For more information and detailed instructions on how to patch your affected Confluence installations, visit Atlassian’s advisory page.

Actions to take today to mitigate cyber threats: 

  • Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments. To request free Cybersecurity & Infrastructure Security Agency (CISA) Vulnerability Scanning, please see https://www.cisa.gov/resources-tools/services/cisa-vulnerability-scanning.

  • Implement Multi-Factor Authentication (MFA), especially for privileged users like system administrators, IT personnel, and users with access to sensitive information.

  • Test and maintain data backups.

  • Create and test your Incident Response Plan.

  • Train your organization’s staff in cybersecurity defense.

If you suspect a breach or have any questions regarding the information provided in this announcement, or to sign up for our Quarterly Cybersecurity newsletter, please contact FSASchoolCyberSafety@ed.gov.