Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Cring Ransomware

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack.

The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid.

CyberSecurity

“Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” Sophos principal researcher Andrew Brandt said. “The surprising thing is…


Source link

About coldfusion

Check Also

Department of Energy To Revisit Cold Fusion – Space Daily

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *