Coldfusion

CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

December 7, 2023 Coldfusion 0

CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor… Source link

Read More »

Attackers breach US government agencies through ColdFusion flaw

December 6, 2023 Coldfusion 0

Attackers breach US government agencies through ColdFusion flaw

In a new advisory that shows why it’s critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and collect information that would enable lateral movement in the environments. The breached ColdFusion instances were outdated in both cases as the exploited vulnerability had a fix available since March. “Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map the broader network,” CISA said in its advisory without attributing the attacks to any known group. “No… Source link

Read More »
© Copyright 2025, All Rights Reserved