Old sometimes is not gold, especially when it comes to ancient versions of ColdFusion running on versions of Windows that have reached their end-of-life, as the global security firm Sophos has demonstrated through its research into a server that was taken over by unknown actors using the Cring ransomware.
Andrew Brandt, principal researcher at SophosLabs, said the recent findings — no time element was given — had shown that Adobe ColdFusion 9 — which is 11 years old — and Windows Server 2008 — which was declared end-of-life for the Web-application development platform in 2016 — were running on the server that served as an entry point.
Several other machines were also hit with the same ransomware and made inaccessible, but the box running ColdFusion was partially…
Source link
