When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
This past Sunday, three different IP addresses were executing malicious commands on targetendpoints.
The attacks, he added, have since stopped.
In other cases, hackers were using the vulnerability for lateral movement.
In multiple attack chains, Rapid7 observed post-exploitation command execution to download a malicious payload hosted at 193.43.72[.
]11 and/or 193.176.179[.
]41, which, if successful, led to single-system Cerber ransomware deployment on the exploited Confluence server.
Users are advised to apply the fix immediately.
ViaArsTechnica
