{"id":1005438,"date":"2023-11-07T05:57:40","date_gmt":"2023-11-07T07:57:40","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-experts-mettent-en-garde-contre-les-pirates-de-ransomware-exploitant-les-failles-datlassian-et-dapache\/"},"modified":"2023-11-07T05:57:44","modified_gmt":"2023-11-07T07:57:44","slug":"les-experts-mettent-en-garde-contre-les-pirates-de-ransomware-exploitant-les-failles-datlassian-et-dapache","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-experts-mettent-en-garde-contre-les-pirates-de-ransomware-exploitant-les-failles-datlassian-et-dapache\/","title":{"rendered":"Les experts mettent en garde contre les pirates de ransomware exploitant les failles d&#8217;Atlassian et d&#8217;Apache"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">07 novembre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Cybermenace\/logiciel malveillant<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Plusieurs groupes de ransomwares ont commenc\u00e9 \u00e0 exploiter activement les failles r\u00e9cemment r\u00e9v\u00e9l\u00e9es dans Atlassian Confluence et Apache ActiveMQ.<\/p>\n<p>Entreprise de cybers\u00e9curit\u00e9 Rapid7 <a rel=\"nofollow noopener\" href=\"https:\/\/www.rapid7.com\/blog\/post\/2023\/11\/06\/etr-rapid7-observed-exploitation-of-atlassian-confluence-cve-2023-22518\/\" target=\"_blank\">dit<\/a> il a observ\u00e9 l&#8217;exploitation de CVE-2023-22518 et CVE-2023-22515 dans plusieurs environnements clients, dont certains ont \u00e9t\u00e9 exploit\u00e9s pour le d\u00e9ploiement de Cerber (alias <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/TheDFIRReport\/status\/1721576960675954959\" target=\"_blank\">C3RB3R<\/a>) ran\u00e7ongiciel.<\/p>\n<p>Les deux vuln\u00e9rabilit\u00e9s sont critiques, car elles permettent aux acteurs malveillants de cr\u00e9er des comptes d&#8217;administrateur Confluence non autoris\u00e9s et d&#8217;entra\u00eener une perte de donn\u00e9es.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/wiz-inside-desk\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Atlassian, le 6 novembre <a rel=\"nofollow noopener\" href=\"https:\/\/confluence.atlassian.com\/security\/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html\" target=\"_blank\">a mis \u00e0 jour son avis<\/a> \u00e0 noter qu&#8217;il a observ\u00e9 \u00ab plusieurs exploits actifs et rapports d&#8217;acteurs mena\u00e7ants utilisant des ransomwares \u00bb et qu&#8217;il r\u00e9vise le score CVSS de la faille de 9,8 \u00e0 10,0, indiquant une gravit\u00e9 maximale.<\/p>\n<p>L&#8217;escalade, selon la soci\u00e9t\u00e9 australienne, est due au changement dans l&#8217;ampleur de l&#8217;attaque.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/1699343860_138_Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/1699343860_138_Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.jpg\" alt=\"Pirates de ransomwares\" border=\"0\" data-original-height=\"559\" data-original-width=\"728\" title=\"Pirates de ransomwares\"\/><\/a><\/div>\n<p>Les cha\u00eenes d&#8217;attaque impliquent l&#8217;exploitation massive de serveurs Atlassian Confluence vuln\u00e9rables accessibles sur Internet pour r\u00e9cup\u00e9rer une charge utile malveillante h\u00e9berg\u00e9e sur un serveur distant, conduisant \u00e0 l&#8217;ex\u00e9cution de la charge utile du ransomware sur le serveur compromis.<\/p>\n<p>Donn\u00e9es recueillies par GreyNoise <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tag\/atlassian-confluence-server-authentication-bypass-attempt?days=10\" target=\"_blank\">montre<\/a> que les tentatives d&#8217;exploitation proviennent de trois adresses IP diff\u00e9rentes situ\u00e9es en France, \u00e0 Hong Kong et en Russie.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/pjHvTZON\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Turla-met-a-jour-la-porte-derobee-Kazuar-avec-une.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Pendant ce temps, Arctic Wolf Labs a r\u00e9v\u00e9l\u00e9 qu&#8217;une grave faille d&#8217;ex\u00e9cution de code \u00e0 distance affectant Apache ActiveMQ (CVE-2023-46604, score CVSS : 10,0) \u00e9tait en train d&#8217;\u00eatre utilis\u00e9e pour fournir un cheval de Troie d&#8217;acc\u00e8s \u00e0 distance bas\u00e9 sur Go appel\u00e9 SparkRAT ainsi qu&#8217;une variante de ransomware qui partage des similitudes avec <a rel=\"nofollow noopener\" href=\"https:\/\/www.crowdstrike.com\/blog\/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang\/\" target=\"_blank\">TellYouThePass<\/a>.<\/p>\n<p>&#8220;Les preuves de l&#8217;exploitation de CVE-2023-46604 dans la nature par un assortiment d&#8217;acteurs mena\u00e7ants ayant des objectifs diff\u00e9rents d\u00e9montrent la n\u00e9cessit\u00e9 d&#8217;une correction rapide de cette vuln\u00e9rabilit\u00e9&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/tellmethetruth-exploitation-of-cve-2023-46604-leading-to-ransomware\/\" target=\"_blank\">dit<\/a>.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/11\/experts-warn-of-ransomware-hackers.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80207 novembre 2023\ue804R\u00e9dactionCybermenace\/logiciel malveillant Plusieurs groupes de ransomwares ont commenc\u00e9 \u00e0 exploiter activement les failles r\u00e9cemment r\u00e9v\u00e9l\u00e9es dans Atlassian Confluence et Apache ActiveMQ. Entreprise de cybers\u00e9curit\u00e9 Rapid7 dit il a observ\u00e9 l&#8217;exploitation de CVE-2023-22518 et CVE-2023-22515 dans plusieurs environnements clients, dont certains ont \u00e9t\u00e9 exploit\u00e9s pour le d\u00e9ploiement de Cerber (alias C3RB3R) ran\u00e7ongiciel. Les deux [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1005439,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,841,4165,4161,200267,54102,94742,692,29063,4806,525,4159,4171,65,200271,3915,200268,200269,200270,4394,4392,128318,4172,4169,4166,4164],"class_list":["post-1005438","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-contre","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dapache","tag-datlassian","tag-experts","tag-exploitant","tag-failles","tag-garde","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mettent","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pirates","tag-ransomware","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1005438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1005438"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1005438\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1005439"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1005438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1005438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1005438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}