Yearly Archives: 2019

Cold fusion 2: Japan wins with systematic method

This is the second of a three-part series. Click here to read part one, which relates how early experimentation in cold fusion was largely abandoned due to disappointing results when researchers attempted to replicate findings – but the second wave of research is now showing promising results. In my view Japan – without question the world leader today when it comes to experimental research in this field – has produced the most compelling demonstrations of the existence and reproducibility of cold fusion. Japan owes its leading position in large measure to consistent institutional and industrial support and a systematic, step-by-step approach emphasizing the development of advanced materials for cold fusion devices. Cold… Source link

Read More »

Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection. Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories. During January, Palo Alto Network’s Unit 42 team found code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers, after analyzing new Rocke malware samples. Rocke’s new… Source link

Read More »

Bulletproof Hosting Service in Former NATO Bunker Goes Down

Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground. The bunker was acquired in 2013 and managed by a Dutch national believed to have ties with organized crime in the Netherlands, who turned it into a heavily secured data center for illegal purposes. A bulletproof hosting provider rents hosting services with no restrictions to the nature of the content uploaded or distributed, or the type of business conducted. They are the alternative to regular providers that have strict rules against illegal endeavors and often do not respond to requests from authorities. Huge building for many servers On a 3.2 acre property in Traben-Trabach on the banks of Mosel river, the building itself has… Source link

Read More »

Update ColdFusion now! Emergency patch for critical flaws – Naked Security

Adobe has rushed out fixes for three vulnerabilities in its ColdFusion web development platform, two of which have been given the top billing of ‘critical’. The flaws affect ColdFusion 2018 version 4 and earlier, and ColdFusion 2016 version 11 and earlier. The first critical flaw is CVE-2019-8073, and is described as allowing “command injection via vulnerable component” leading to arbitrary code execution (ACE). The second critical flaw is CVE-2019-8074, a path traversal vulnerability allowing an access control bypass. The final vulnerability, rated ‘important’, is CVE-2019-8072, a security bypass leading to information disclosure. Because this is an ‘out of band’ update – a polite way of saying it’s unexpected and urgent – Adobe offers only… Source link

Read More »

Adobe issues emergency patch for critical ColdFusion vulnerabilities

Charlie Osborne 25 September 2019 at 13:43 UTC Updated: 08 October 2019 at 13:48 UTC Users are being urged to update their builds to resolve three serious security flaws Adobe has released an out-of-band patch to quickly resolve a trio of security vulnerabilities in ColdFusion, two of which are deemed critical. Adobe said in a security advisory that ColdFusion 2016 and 2018 on all platforms are affected. The web application development platform’s emergency patch, released on Tuesday (September 24), addresses potential malicious code execution, access control bypass, and data leaks. The first vulnerability, and arguably the most dangerous, is CVE-2019-8073. The critical security flaw is a… Source link

Read More »

Adobe Unscheduled Update Fixes Critical ColdFusion Flaws – Threatpost

Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of ColdFusion. Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems. Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of the ColdFusion commercial rapid web-application development platform. “Adobe recommends users update their product installations to the latest versions using the instructions… Source link

Read More »

Virtual Private Servers (VPS) Hosting : The Next Booming Segment

Latest Study on Industrial Growth of Global Virtual Private Servers (VPS) Hosting Market 2019-2025. A detailed study accumulated to offer Latest insights about acute features of the Virtual Private Servers (VPS) Hosting market. The report contains different market predictions related to market size, revenue, production, CAGR, Consumption, gross margin, price, and other substantial factors. While emphasizing the key driving and restraining forces for this market, the report also offers a complete study of the future trends and developments of the market. It also examines the role of the leading market players involved in the industry including their corporate overview, financial summary and SWOT analysis. The Major Players Covered in this Report:… Source link

Read More »

Virtual Private Servers (VPS) Hosting : The Next Booming Segment

Latest Study on Industrial Growth of Global Virtual Private Servers (VPS) Hosting Market 2019-2025. A detailed study accumulated to offer Latest insights about acute features of the Virtual Private Servers (VPS) Hosting market. The report contains different market predictions related to market size, revenue, production, CAGR, Consumption, gross margin, price, and other substantial factors. While emphasizing the key driving and restraining forces for this market, the report also offers a complete study of the future trends and developments of the market. It also examines the role of the leading market players involved in the industry including their corporate overview, financial summary and SWOT analysis. The Major Players Covered in this Report:… Source link

Read More »

Adobe Releases Security Updates for Flash Player, ColdFusion, and Campaign

Adobe has published their monthly Patch Tuesday updates for the month of June 2019. These updates includes fixes for vulnerabilities in Adobe ColdFusion, Adobe Campaign, and Adobe Flash Player. Each of the three programs included a fix for a Critical arbitrary code execution vulnerability and users are advised to install the updates as soon as possible. Adobe Security Updates Summary: APSB19-27 Security updates available for Adobe ColdFusion Adobe has released an update for ColdFusion that fixes three critical vulnerabilities that could allow arbitrary code execution on vulnerable servers. Vulnerability Category Vulnerability Impact Severity CVE Numbers File extension blacklist bypass Arbitrary code execution Critical (see note below)  CVE-2019-7838 Command Injection

Read More »

Update now! Critical Adobe ColdFusion flaw now being exploited – Naked Security

Adobe has issued an urgent out-of-band patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild. The company’s APSB19-14 bulletin is light on detail but describes the issue as a “file upload restriction bypass” affecting ColdFusion 2018 update 2 and earlier, 2016 update 9 and earlier, and 17 and earlier: This attack requires the ability to upload executable code to a web-accessible directory, and then execute that code via an HTTP request.  Restricting requests to directories where uploaded files are stored will mitigate this attack. Who’s affected? According to a blog by one of those credited by Adobe for reporting the issue, Charlie Arehart, updating should be a particular concern to ColdFusion servers… Source link

Read More »