In an attack recently investigated by Sophos, an unknown threat actor exploited an ancient-in-internet-years vulnerability in an 11-year-old installation of Adobe ColdFusion 9 to take control of the ColdFusion server remotely, then to execute ransomware known as Cring on the server, and against other machines on the target’s network. While several other machines were “bricked” by the ransomware, the server hosting ColdFusion was partially recoverable, and Sophos was able to pull evidence in the form of logs and files from the machine. The server running ColdFusion was running the Windows Server 2008 operating system, which Microsoft end-of-lifed in January, 2020. Adobe declared end-of-life for ColdFusion 9 in 2016. As a result, neither the operating system nor the ColdFusion… Source link

[unable to retrieve full-text content]Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug  The Hacker News Source link

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising… Source link

Europe is being ravaged by an unprecedented energy crisis, and it may already be spreading. Asia, the world’s biggest buyer of gas and coal, may be next, with China particularly vulnerable because of the size of its economy. Perhaps somewhat surprisingly, the big problem for China is not natural gas. It’s coal, which powers the majority of its power plants, Bloomberg reported this week, citing state-run outlet China Energy News. According to a report in the news outlet, Chinese power plant operators are finding it hard to buy enough coal to keep their facilities running, which is raising the likelihood of an energy crunch when winter comes. Inventories are low because of the surge in coal prices this year, and some power plants have already had to turn off their boilers to… Source link

For the past week a handful of beardy people in Crocs, socks and high-visibility jackets have been trying to make people insulate their lofts by sitting in the middle of the M25. Naturally, this has caused lots of wailing and gnashing of teeth among those who have already insulated their lofts — which is everyone. But not from me, because I feel rather sorry for them. Most people in the world are fundamentally happy. We have friends and family and fully functioning body parts. We go to the pub and to big, riotous parties, and every summer we go on holiday, where we drink too much and eat too much and have fun playing silly, and mildly flirtatious, games in the pool. We like Source link

Table Of Contents Destiny 2’s Season of the Lost has added new titles for players to chase. Two new titles can be obtained this season: Realmwalker and Deadeye. The former is a season-specific title, while the latter is a more casual-friendly title that can be gilded once each season. Related: Destiny 2: How To Get Ager’s Scepter And All Atlas Skews If you love playing a little bit of everything that Destiny 2 has to offer, Deadeye is the title for you. This title is all about developing mastery with every weapon type, both in PvE and PvP. You’ll need to collect hundreds of weapons, land a thousand kills with each weapon archetype, and demonstrate skill with each weapon type in PvP if you want to rep this title…. Source link

This month, Microsoft released a fix for the MSHTML zero-day that emerged earlier in September. And it fixes a serious remote code execution bug in the WLAN AutoConfig service. There’s also a fix for a serious bug in Apple iOS. So, let’s get started! Microsoft fixes MSHTML zero-day Earlier this month, Microsoft released a security advisory for a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML, the rendering engine that Office apps use in Windows to display web content. The advisory said: An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user… Source link

Microsoft, Google, Apple and Adobe issued dozens of security patches this week, including some that fixed critical zero-day vulnerabilities. Chief among them are fixes to the Microsoft MSHTML remote code execution vulnerability that is being actively exploited, a patch that fixes an iOS bug in CoreGraphics that could allow remote code execution that is under exploitation and nine patches for Chrome to address nine vulnerabilities, two of which are under active attack. In total, those four companies issued patches for 136 vulnerabilities this week, six of which are being actively exploited,  according to Zero Day Initiative (ZDI), a software vulnerability initiative maintain by Trend Micro. Microsoft patches for MSHTML bug, other RCE flaws Microsoft’s patches fix 66 vulnerabilities,… Source link