INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
Last Updated: 2023-11-06 13:40:13 UTC
by Johannes Ullrich (Version: 1)
Last week, Atlassian published an advisory for CVE-2023-22518. The vulnerability is a trivial to exploit authentication bypass vulnerability. Atlassian emphasized the importance of the advisory with a quote from its CISO: "There are no reports of active exploitation at this time; customers must take immediate action to protect their instances." On Friday, Atlassian confirmed that attackers are actively exploiting the vulnerability.
The vulnerability is rated with a CVSS score of 9.1. Three different URLs are affected according to the advisory ...
I went back through our data to see how much exploitation we see for these URLs. We started seeing the first attempts on November 2nd (Thursday), just as Atlassian reported seeing these exploits being used against customers.
Read the full entry:
Example of Phishing Campaign Project File
Last Updated: 2023-11-08 06:37:08 UTC
by Xavier Mertens (Version: 1)
We all have a love and hate relation with emails. When newcomers on the Internet starts to get emails, they are so happy but their feeling changes quickly. Then, they hope to reduce the flood of emails received daily... Good luck! Of course, tools have been developed to organize marketing campaigns. From marketing to spam or phishing, there is only one step. Bad guys started to use the same programs for malicious purpose.
Yesterday, I found on VT an interesting file. It triggered one of my hunting rules because the file contained a reference to one of my customer’s domain. I had a look at the file named “EwoExcel (1)<dot>mmp’ (SHA256:0e016a41b6df3dc7daf076805e3cbb21df1ff33712b615d38ecf066cd25b6e06).
I was not aware of the file extension “.mmp” (it’s not a “.mpp” used by Microsoft Project). But it seems to be a project file.
Read tech full entry: