ColdFusion will be completing 25 successful years by July 2020. Within a few years of its launch in 1995, people started speculating the impending death of the language, but the development community members like us had faith in its future. ColdFusion has been growing stronger with years, and ever since it was acquired by Adobe, it was proved to be the most secure and robust language with a definite road map for the coming years. Future of ColdFusion The future version of Adobe’s ColdFusion will be cloud-based and server-free. In other words, it will no longer remain physical as in the past. Adobe ColdFusion 2020 CFScript will be ECMA Script compliant so that it will completely fix the script syntax issues that ColdFusion’s earlier versions had. It will be easier as programmers… Source link
Read More »Hot on the trail of cold fusion as a solution to the climate crisis | Climate change
Tim Flannery (The age of the megafire is here, and it’s a call to action, Journal, 7 February) writes: “As far as swift climate action is concerned, all good choices have gone up in smoke”. That may not be the case, however. There has been abundant support by now for the claim made by Martin Fleischmann and Stanley Pons in 1989 to have observed nuclear fusion at ordinary temperatures, but the hope that such a fossil-fuel-free process might contribute usefully to energy production has not been fulfilled because it is very unpredictable, and we do not as yet know the conditions needed to produce large amounts of energy. Suitably funded research on a large scale might lead to a resolution of this issue.Prof Brian JosephsonEmeritus professor of physics, University of Cambridge • Join… Source link
Read More »Ortus Solutions To Host Two-Day Workshop On Building Secure Applications
WASHINGTON (PRWEB) January 30, 2020 Ortus Solutions, Corp announced today it will be hosting a two-day workshop on April 20th and 21st focused on building secure MVC ColdFusion applications. The event will be held before the Adobe CF Summit East 2020 at the Regus Franklin Square from 9:00 am to 5:30 pm, with the aim of helping modernize developer skills to create applications with modern techniques and tooling. Attendees will be designing a twitter-like application (SoapBox) and will build it using the most popular ColdFusion MVC Framework: ColdBox. They will design the client in UML and build it using object… Source link
Read More »December Patch Tuesday resolves Windows zero-day
Administrators got an early holiday present with a fairly light patching workload on December Patch Tuesday, but they will have one Windows zero-day to wrap up as soon as possible. Microsoft corrected 36 vulnerabilities on December Patch Tuesday in Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server, Visual Studio and Skype for Business. The Win32k elevation of privilege vulnerability (CVE-2019-1458) is rated as important and is being actively exploited in the wild. This Windows zero-day, discovered by Kaspersky Lab researchers, affects most supported versions of Microsoft’s operating system on both the client and server side. The attacker needs authentication to access the system to run malicious code in kernel mode to take… Source link
Read More »Cold fusion 2: Japan wins with systematic method
This is the second of a three-part series. Click here to read part one, which relates how early experimentation in cold fusion was largely abandoned due to disappointing results when researchers attempted to replicate findings – but the second wave of research is now showing promising results. In my view Japan – without question the world leader today when it comes to experimental research in this field – has produced the most compelling demonstrations of the existence and reproducibility of cold fusion. Japan owes its leading position in large measure to consistent institutional and industrial support and a systematic, step-by-step approach emphasizing the development of advanced materials for cold fusion devices. Cold… Source link
Read More »Chinese Hackers Use New Cryptojacking Tactics to Evade Detection
Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection. Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories. During January, Palo Alto Network’s Unit 42 team found code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers, after analyzing new Rocke malware samples. Rocke’s new… Source link
Read More »Bulletproof Hosting Service in Former NATO Bunker Goes Down
Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground. The bunker was acquired in 2013 and managed by a Dutch national believed to have ties with organized crime in the Netherlands, who turned it into a heavily secured data center for illegal purposes. A bulletproof hosting provider rents hosting services with no restrictions to the nature of the content uploaded or distributed, or the type of business conducted. They are the alternative to regular providers that have strict rules against illegal endeavors and often do not respond to requests from authorities. Huge building for many servers On a 3.2 acre property in Traben-Trabach on the banks of Mosel river, the building itself has… Source link
Read More »Update ColdFusion now! Emergency patch for critical flaws – Naked Security
Adobe has rushed out fixes for three vulnerabilities in its ColdFusion web development platform, two of which have been given the top billing of ‘critical’. The flaws affect ColdFusion 2018 version 4 and earlier, and ColdFusion 2016 version 11 and earlier. The first critical flaw is CVE-2019-8073, and is described as allowing “command injection via vulnerable component” leading to arbitrary code execution (ACE). The second critical flaw is CVE-2019-8074, a path traversal vulnerability allowing an access control bypass. The final vulnerability, rated ‘important’, is CVE-2019-8072, a security bypass leading to information disclosure. Because this is an ‘out of band’ update – a polite way of saying it’s unexpected and urgent – Adobe offers only… Source link
Read More »Adobe Fixes Critical Security Vulnerabilities in Coldfusion
Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is an labeled critical as it allows information disclosure. The more critical issue is the code execution vulnerability as it could potentially allow for the takeover of a server. The vulnerabilities details can be seen below: Vulnerability Category Vulnerability Impact Severity CVE Numbers Security bypass Information Disclosure Important CVE-2019-8072 Command Injection via Vulnerable component Arbitrary code execution Critical CVE-2019-8073 Path Traversal Vulnerability Access Control Bypass Critical CVE-2019-8074 To resolve these vulnerabilities, Adobe suggests that users update to… Source link
Read More »Adobe issues emergency patch for critical ColdFusion vulnerabilities
Charlie Osborne 25 September 2019 at 13:43 UTC Updated: 08 October 2019 at 13:48 UTC Users are being urged to update their builds to resolve three serious security flaws Adobe has released an out-of-band patch to quickly resolve a trio of security vulnerabilities in ColdFusion, two of which are deemed critical. Adobe said in a security advisory that ColdFusion 2016 and 2018 on all platforms are affected. The web application development platform’s emergency patch, released on Tuesday (September 24), addresses potential malicious code execution, access control bypass, and data leaks. The first vulnerability, and arguably the most dangerous, is CVE-2019-8073. The critical security flaw is a… Source link
Read More »