coldfusion

Adobe ColdFusion servers under attack from APT group

A nation-state cyber-espionage group is actively hacking into Adobe ColdFusion servers and planting backdoors for future operations, Volexity researchers have told ZDNet. The attacks have been taking place since late September and have targeted ColdFusion servers that were not updated with security patches that Adobe released two weeks before, on September 11. It appears that hackers studied Adobe’s September patches and figured out how to exploit CVE-2018-15961 to their advantage. Classified as an “unauthenticated file upload,” this vulnerability allowed this APT group (APT stands for advanced persistent threat, another term used to describe nation-state cyber-espionage groups) to surreptitiously upload a version of the China Chopper… Source link

Read More »

ATP Group Attacks ColdFusion Servers

Posted on November 9, 2018 at 6:39 PM A cyberspying group appears to have reversed a security patch from Adobe and currently going after unpatched ColdFusion Servers. According to information gathered by Volexity researchers, a spying group is aggressively hacking into the servers of Adobe ColdFusion and creating backdoors for future attacks. This attack has been ongoing since late September with servers not updated with security patches released by Adobe on September 11. Apparently, the hackers have studied Adobe’s September patches and discovered a means of exploiting the CVE-2018-15961 to its advantage. Categorized as an “unauthenticated file upload,” this weakness allowed this nation-state… Source link

Read More »

Patched Adobe ColdFusion Flaw Exploited By APT – Threatpost

Patched Adobe ColdFusion Flaw Exploited By APT – Threatpost

The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, said on Thursday. “Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-concept code exists,” researchers said in a post. “In the attack detected by Volexity, a… Source link

Read More »

Patched Adobe ColdFusion Flaw Exploited By APT – Threatpost

Patched Adobe ColdFusion Flaw Exploited By APT – Threatpost

The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, said on Thursday. “Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-concept code exists,” researchers said in a post. “In the attack detected by Volexity, a… Source link

Read More »

Adobe Patches Six Critical Flaws in ColdFusion – Threatpost

Adobe issued fixes for versions of its ColdFusion web development platform – including six critical flaws. Adobe has released patches fixing six critical vulnerabilities in its ColdFusion product that could lead to arbitrary code-execution. The flaws impact Adobe’s ColdFusion product, which is the company’s commercial web application development platform. Impacted are the 2016 (Update 6 and earlier versions) and the July 12 (2018) release of ColdFusion, as well as ColdFusion 11 (Update 14 and earlier versions). Overall, Adobe said ColdFusion contained nine flaws, including four critical deserialization of untrusted data flaws that could lead to arbitrary code-execution… Source link

Read More »

It’s Derby Time!! | WiLD 94.9

It’s Derby Time!! | WiLD 94.9

Derby is less than a month a way! Have you got yourself together yet?!  Have no fear, girl! That’s why I’m here!  Let me let you in on a little secret….Derby doesn’t have to be expensive! SAY WHAT!  I’m pretty sure I’ve not spent more than $100 on a single outfit for ANY red carpet in the last 5 years. How? You ask.  Let me introduce you to my glam team!  Meet General Eccentric!  They’ve been my best kept secret since I moved to Louisville! Stop by the corner of Bardstown rd and Bonnycastle on any given day and you’ll be transported to boutique heaven! They’ve got everything from Fascinators and hats, cocktail dresses to red carpet ready gowns! They even have the accessories to match! Earrings, necklaces, shoes, handbags, you name it, they’ve got it! Even in the off season, they’re… Source link

Read More »

Cold Fusion Lives: Experiments Create Energy When None Should Exist

Cold Fusion Lives: Experiments Create Energy When None Should Exist

Howard J. Wilk is a long-term unemployed synthetic organic chemist living in Philadelphia. Like many pharmaceutical researchers, he has suffered through the drug industry’s R&D downsizing in recent years and now is underemployed in a nonscience job. With extra time on his hands, Wilk has been tracking the progress of a New Jersey-based company called Brilliant Light Power (BLP). The company is one of several that are developing processes that collectively fall into the category of new energy technologies. This movement is largely a reincarnation of cold fusion, the short-lived, quickly dismissed phenomenon from the late 1980s of achieving nuclear fusion in a simple benchtop electrolysis device. In 1991, BLP’s founder, Randell L. Mills, announced at a press conference in… Source link

Read More »

The Long Tail of ColdFusion Fail — Krebs on Security

Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today’s post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions. Last Tuesday’s story looked at two victims; the jam and jelly maker Smucker’s, and SecurePay, a credit card processor based in Georgia. Most of the companies contacted for this story did not respond to requests for comment. The few business listed that did respond had remarkably similar stories to tell about the ordeal of trying to keep their businesses up and running in the face of such… Source link

Read More »

The Long Tail of ColdFusion Fail – Krebs on Security

The Long Tail of ColdFusion Fail – Krebs on Security

Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today’s post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions. Last Tuesday’s story looked at two victims; the jam and jelly maker Smucker’s, and SecurePay, a credit card processor based in Georgia. Most of the companies contacted for this story did not respond to requests for comment. The few business listed that did respond had remarkably similar stories to tell about the ordeal of trying to keep their businesses up and running in the face of such… Source link

Read More »