Coldfusion Just another Free Website Blog site

Two vulnerabilities in Adobe ColdFusion are exploited in real-world attacks, the Cybersecurity & Infrastructure Security Agency (CISA) warns. Both issues are related to the possibility of arbitrary code execution, caused by poor validation of deserialized data. Adobe released patches for both of these vulnerabilities back in mid-July 2023, when they were originally detected. ColdFusion ACE Vulnerabilities Exploited in Real-World Attacks On January 8, CISA released their regular notice on new exploited vulnerabilities, specifying among others 2 security breaches in Adobe ColdFusion. Both of them are dated summer 2023, with the patches being available at around the same time. Nonetheless, the organization states about the exploitation, which is not doubtful considering the trends. And… Source link

[unable to retrieve full-text content]CISA Reports Adobe ColdFusion Flaw Exploitation in Federal Agency  Security Boulevard Source link

[unable to retrieve full-text content]CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks  Executive Gov Source link

[unable to retrieve full-text content]Hackers breach US Government agencies running end-of-life software  CyberNews.com Source link

The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor… Source link

[unable to retrieve full-text content]CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw – CISA: Threat Actor Breached Federal …  Dark Reading Source link

[unable to retrieve full-text content]Attackers breach US government agencies through ColdFusion flaw  CSO Online Source link

[unable to retrieve full-text content]Unpatched Adobe ColdFusion bug led to double breach of US federal agency  SC Media Source link

[unable to retrieve full-text content]Mexican Pegasus trial, Fed ColdFusion breach, Malicious loan app  CISO Series Source link

[unable to retrieve full-text content]Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers  The Hacker News Source link