Coldfusion

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

Read More »

Soaring Energy Prices Become Major Headache For China

Europe is being ravaged by an unprecedented energy crisis, and it may already be spreading. Asia, the world’s biggest buyer of gas and coal, may be next, with China particularly vulnerable because of the size of its economy. Perhaps somewhat surprisingly, the big problem for China is not natural gas. It’s coal, which powers the majority of its power plants, Bloomberg reported this week, citing state-run outlet China Energy News. According to a report in the news outlet, Chinese power plant operators are finding it hard to buy enough coal to keep their facilities running, which is raising the likelihood of an energy crunch when winter comes. Inventories are low because of the surge in coal prices this year, and some power plants have already had to turn off their boilers to… Source link

Read More »

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. “Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is… Source link

Read More »

Get out of the road! China has solved the climate crisis with a nuclear reactor and a pinch of Saxo – The Times

For the past week a handful of beardy people in Crocs, socks and high-visibility jackets have been trying to make people insulate their lofts by sitting in the middle of the M25. Naturally, this has caused lots of wailing and gnashing of teeth among those who have already insulated their lofts — which is everyone. But not from me, because I feel rather sorry for them. Most people in the world are fundamentally happy. We have friends and family and fully functioning body parts. We go to the pub and to big, riotous parties, and every summer we go on holiday, where we drink too much and eat too much and have fun playing silly, and mildly flirtatious, games in the pool. We like Source link

Read More »

Deadeye Title Guide – Destiny 2

Table Of Contents Destiny 2’s Season of the Lost has added new titles for players to chase. Two new titles can be obtained this season: Realmwalker and Deadeye. The former is a season-specific title, while the latter is a more casual-friendly title that can be gilded once each season. Related: Destiny 2: How To Get Ager’s Scepter And All Atlas Skews If you love playing a little bit of everything that Destiny 2 has to offer, Deadeye is the title for you. This title is all about developing mastery with every weapon type, both in PvE and PvP. You’ll need to collect hundreds of weapons, land a thousand kills with each weapon archetype, and demonstrate skill with each weapon type in PvP if you want to rep this title…. Source link

Read More »

Patch Tuesday September 2021 – Microsoft fixes MSHTML Zero-Day and Apple Blocks NSO Group Surveillance Spyware – Petri.com

This month, Microsoft released a fix for the MSHTML zero-day that emerged earlier in September. And it fixes a serious remote code execution bug in the WLAN AutoConfig service. There’s also a fix for a serious bug in Apple iOS. So, let’s get started! Microsoft fixes MSHTML zero-day Earlier this month, Microsoft released a security advisory for a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML, the rendering engine that Office apps use in Windows to display web content. The advisory said: An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user… Source link

Read More »

Apply These Microsoft, Apple, Google and Adobe Patches Now

Microsoft, Google, Apple and Adobe issued dozens of security patches this week, including some that fixed critical zero-day vulnerabilities. Chief among them are fixes to the Microsoft MSHTML remote code execution vulnerability that is being actively exploited, a patch that fixes an iOS bug in CoreGraphics that could allow remote code execution that is under exploitation and nine patches for Chrome to address nine vulnerabilities, two of which are under active attack. In total, those four companies issued patches for 136 vulnerabilities this week, six of which are being actively exploited,  according to Zero Day Initiative (ZDI), a software vulnerability initiative maintain by Trend Micro. Microsoft patches for MSHTML bug, other RCE flaws Microsoft’s patches fix 66 vulnerabilities,… Source link

Read More »

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager – Threatpost

Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop. Adobe is urging its throngs of Acrobat Reader users to update their software to fix critical vulnerabilities that could allow adversaries to execute arbitrary code on unpatched versions. The warnings are part of the firm’s September monthly security update, which this month addresses 59 bugs found in 15 of its products, including in Photoshop, Premiere Elements, ColdFusion and InCopy. In all, 36 of the vulnerabilities are rated “critical,” which is an Adobe-specific label indicating that the flaws, if exploited, “would allow malicious… Source link

Read More »

Qualys : Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities

Microsoft Patch Tuesday – September 2021 Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important. Critical Microsoft Vulnerabilities Patched CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned… Source link

Read More »