Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

Some environmental justice advocates are losing patience with White House efforts to launch a new screening tool that promises to pinpoint long-neglected and polluted communities, arguing that such vulnerable neighborhoods are well known. Many are so obvious that they have nicknames, such as Louisiana’s “Cancer Alley” or the “Diesel Death Zone”—a California community home to the Port of Los Angeles, multiple oil and asphalt refineries, and surrounded by three major freeways. “We already know these communities,” said Anthony Rogers Wright, the New York Lawyers for the Public Interest’s director of environmental justice. “This is not metaphysics, or calculus, or cold fusion—I think we’re over-complicating it,” he said, noting environmental justice screening tools… Source link

In an attack recently investigated by Sophos, an unknown threat actor exploited an ancient-in-internet-years vulnerability in an 11-year-old installation of Adobe ColdFusion 9 to take control of the ColdFusion server remotely, then to execute ransomware known as Cring on the server, and against other machines on the target’s network. While several other machines were “bricked” by the ransomware, the server hosting ColdFusion was partially recoverable, and Sophos was able to pull evidence in the form of logs and files from the machine. The server running ColdFusion was running the Windows Server 2008 operating system, which Microsoft end-of-lifed in January, 2020. Adobe declared end-of-life for ColdFusion 9 in 2016. As a result, neither the operating system nor the ColdFusion… Source link

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising… Source link

Europe is being ravaged by an unprecedented energy crisis, and it may already be spreading. Asia, the world’s biggest buyer of gas and coal, may be next, with China particularly vulnerable because of the size of its economy. Perhaps somewhat surprisingly, the big problem for China is not natural gas. It’s coal, which powers the majority of its power plants, Bloomberg reported this week, citing state-run outlet China Energy News. According to a report in the news outlet, Chinese power plant operators are finding it hard to buy enough coal to keep their facilities running, which is raising the likelihood of an energy crunch when winter comes. Inventories are low because of the surge in coal prices this year, and some power plants have already had to turn off their boilers to… Source link

[unable to retrieve full-text content]Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug  The Hacker News Source link

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

In an attack recently investigated by Sophos, an unknown threat actor exploited an ancient-in-internet-years vulnerability in an 11-year-old installation of Adobe ColdFusion 9 to take control of the ColdFusion server remotely, then to execute ransomware known as Cring on the server, and against other machines on the target’s network. While several other machines were “bricked” by the ransomware, the server hosting ColdFusion was partially recoverable, and Sophos was able to pull evidence in the form of logs and files from the machine. The server running ColdFusion was running the Windows Server 2008 operating system, which Microsoft end-of-lifed in January, 2020. Adobe declared end-of-life for ColdFusion 9 in 2016. As a result, neither the operating system nor the ColdFusion… Source link

For the past week a handful of beardy people in Crocs, socks and high-visibility jackets have been trying to make people insulate their lofts by sitting in the middle of the M25. Naturally, this has caused lots of wailing and gnashing of teeth among those who have already insulated their lofts — which is everyone. But not from me, because I feel rather sorry for them. Most people in the world are fundamentally happy. We have friends and family and fully functioning body parts. We go to the pub and to big, riotous parties, and every summer we go on holiday, where we drink too much and eat too much and have fun playing silly, and mildly flirtatious, games in the pool. We like Source link