[unable to retrieve full-text content]CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks Executive Gov Source link
Read More »
[unable to retrieve full-text content]Hackers breach US Government agencies running end-of-life software CyberNews.com Source link
Read More »
The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor… Source link
Read More »
[unable to retrieve full-text content]CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw – CISA: Threat Actor Breached Federal … Dark Reading Source link
Read More »
[unable to retrieve full-text content]Attackers breach US government agencies through ColdFusion flaw CSO Online Source link
Read More »
[unable to retrieve full-text content]Unpatched Adobe ColdFusion bug led to double breach of US federal agency SC Media Source link
Read More »
[unable to retrieve full-text content]Mexican Pegasus trial, Fed ColdFusion breach, Malicious loan app CISO Series Source link
Read More »
[unable to retrieve full-text content]Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers The Hacker News Source link
Read More »
[unable to retrieve full-text content]Hackers use patched security bug in Adobe ColdFusion to compromise U.S. agencies The Hindu Source link
Read More »
Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”. CVE-2023-26360 affected Adobe ColdFusion versions 2021, 2018, 2016 and 11, but Adobe provided patches only for the former two, as ColdFusion 2016 and 11 had previously reached the end of their (product) lifecycle. CISA added the… Source link
Read More »