A suspected Chines APT group exploited the recently patched ColdFusion vulnerability in the wild by compromising a vulnerable ColdFusion server after directly uploading a China Chopper webshell. The targeted servers hadn’t been updated with the patch released just two weeks earlier. Volexity researchers observed the active exploitation of the newly patched CVE-2018-15961 flaw, a critical unrestricted file upload bug that could also lead to arbitrary code-execution, in Adobe ColdFusion, despite there being no public details or proof-of-concept code exists, according to a Nov. 8 blog post. “The recent Adobe ColdFusion flaw that has been exploited recently is another example of how quickly malicious actors are to take advantage of recently-patched vulnerabilities,” Justin Jett,… Source link

[unable to retrieve full-text content]Patched Adobe ColdFusion Flaw Exploited By APT  Threatpost Source link

The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, said on Thursday. “Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-concept code exists,” researchers said in a post. “In the attack detected by Volexity, a… Source link

The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, said on Thursday. “Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-concept code exists,” researchers said in a post. “In the attack detected by Volexity, a… Source link

Posted on November 9, 2018 at 6:39 PM A cyberspying group appears to have reversed a security patch from Adobe and currently going after unpatched ColdFusion Servers. According to information gathered by Volexity researchers, a spying group is aggressively hacking into the servers of Adobe ColdFusion and creating backdoors for future attacks. This attack has been ongoing since late September with servers not updated with security patches released by Adobe on September 11. Apparently, the hackers have studied Adobe’s September patches and discovered a means of exploiting the CVE-2018-15961 to its advantage. Categorized as an “unauthenticated file upload,” this weakness allowed this nation-state… Source link

A nation-state cyber-espionage group is actively hacking into Adobe ColdFusion servers and planting backdoors for future operations, Volexity researchers have told ZDNet. The attacks have been taking place since late September and have targeted ColdFusion servers that were not updated with security patches that Adobe released two weeks before, on September 11. It appears that hackers studied Adobe’s September patches and figured out how to exploit CVE-2018-15961 to their advantage. Classified as an “unauthenticated file upload,” this vulnerability allowed this APT group (APT stands for advanced persistent threat, another term used to describe nation-state cyber-espionage groups) to surreptitiously upload a version of the China Chopper… Source link