Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial … CISA
ColdFusion Exploit Used to Access Federal Agency
Unknown attackers exploited a known access control vulnerability in two Adobe ColdFusion application servers at a federal government agency in June, gaining access to the environment, uploading a webshell, and adding malicious code to the servers. There were two separate incidents at the unnamed agency in June, and according to a new advisory from the Cybersecurity and Infrastructure Security Agency, the attacks may be the work of one group or two separate groups. The intrusions appeared to be focused on reconnaissance and mapping out the network infrastructure, and CISA said there is no evidence that data was exfiltrated during the intrusions. In both instances, the attackers exploited CVE-2023-26360 in ColdFusion, a bug that Adobe released a fix for in March. “In both…
CISA details twin attacks on federal servers via unpatched ColdFusion flaw • The Register
CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March and shortly afterwards added to CISA’s known exploited vulnerability (KEV) catalog, setting an April 5 deadline for agencies to fix the issue. In a Tuesday advisory, CISA revealed the federal civilian executive branch (FCEB) agency in question was successfully attacked in June and into July, meaning the vulnerability went unpatched for more than three months after CISA’s deadline. CISA did not respond to questions about whether the agency has now patched the vulnerability, who was behind the attack, or its stance on the missed…
Hackers breach US govt agencies using Adobe ColdFusion exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6. At the time, CISA published a notice about threat actors exploiting the flaw and urged federal organizations and state services to apply the available security updates. In an alert today, America’s Cyber Defense Agency warns that CVE-2023-26360 is still leveraged in attacks,…
Federal agency breached through Adobe ColdFusion vulnerability
Public-facing servers at a U.S. federal agency were compromised by hackers in June and July through a vulnerability in a popular product from Adobe, according to the nation’s leading cybersecurity agency. The unidentified hackers exploited CVE-2023-26360 — a bug affecting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) as well as earlier installations of the software that Adobe no longer supports. ColdFusion is a tool used by organizations for rapid web-application development, allowing them to build web applications and integrate things like databases and other third-party libraries. An analysis of network logs confirmed the compromises, according to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, through the…
How to use intelligence on failed ColdFusion attack to bolster your … – SC Media