Two vulnerabilities in Adobe ColdFusion are exploited in real-world attacks, the Cybersecurity & Infrastructure Security Agency (CISA) warns. Both issues are related to the possibility of arbitrary code execution, caused by poor validation of deserialized data. Adobe released patches for both of these vulnerabilities back in mid-July 2023, when they were originally detected. ColdFusion ACE Vulnerabilities Exploited in Real-World Attacks On January 8, CISA released their regular notice on new exploited vulnerabilities, specifying among others 2 security breaches in Adobe ColdFusion. Both of them are dated summer 2023, with the patches being available at around the same time. Nonetheless, the organization states about the exploitation, which is not doubtful considering the trends. And… Source link
Read More »CISA Reports Adobe ColdFusion Flaw Exploitation in Federal Agency – Security Boulevard
[unable to retrieve full-text content]CISA Reports Adobe ColdFusion Flaw Exploitation in Federal Agency Security Boulevard Source link
Read More »CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks – Executive Gov
[unable to retrieve full-text content]CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks Executive Gov Source link
Read More »Hackers breach US Government agencies running end-of-life software – CyberNews.com
[unable to retrieve full-text content]Hackers breach US Government agencies running end-of-life software CyberNews.com Source link
Read More »CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks
The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor… Source link
Read More »CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw – CISA: Threat Actor Breached Federal … – Dark Reading
[unable to retrieve full-text content]CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw – CISA: Threat Actor Breached Federal … Dark Reading Source link
Read More »Attackers breach US government agencies through ColdFusion flaw – CSO Online
[unable to retrieve full-text content]Attackers breach US government agencies through ColdFusion flaw CSO Online Source link
Read More »Unpatched Adobe ColdFusion bug led to double breach of US federal agency – SC Media
[unable to retrieve full-text content]Unpatched Adobe ColdFusion bug led to double breach of US federal agency SC Media Source link
Read More »Mexican Pegasus trial, Fed ColdFusion breach, Malicious loan app – CISO Series
[unable to retrieve full-text content]Mexican Pegasus trial, Fed ColdFusion breach, Malicious loan app CISO Series Source link
Read More »Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers – The Hacker News
[unable to retrieve full-text content]Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers The Hacker News Source link
Read More »