How running websites has changed in the last two decades (for an Ars IT guru)

The Pit, a BBS door game. In this shot, Lee Hutchinson was attacking these guys. Or, maybe they’re attacking him. Lee Hutchinson Ars Technica’s 20th Anniversary View more stories I was a true nerd growing up in the 1980s—not in the hipster way but in the 10-pound-issue-of-Computer-Shopper–under-my-arm way (these things were seriously huge). I was thoroughly addicted to BBSes (Bulletin Board Systems) by the time I was 10. Maybe it’s no surprise I ended up as a technical director for a science and tech site. In fact, I’d actually draw a direct line between the job of managing your own BBS (aka SysOping) to managing a modern Web infrastructure. And with everyone around Ars looking back given the site’s 20th anniversary, let’s make… Source link

Read More »

ATP Group Attacks ColdFusion Servers

Posted on November 9, 2018 at 6:39 PM A cyberspying group appears to have reversed a security patch from Adobe and currently going after unpatched ColdFusion Servers. According to information gathered by Volexity researchers, a spying group is aggressively hacking into the servers of Adobe ColdFusion and creating backdoors for future attacks. This attack has been ongoing since late September with servers not updated with security patches released by Adobe on September 11. Apparently, the hackers have studied Adobe’s September patches and discovered a means of exploiting the CVE-2018-15961 to its advantage. Categorized as an “unauthenticated file upload,” this weakness allowed this nation-state… Source link

Read More »

Adobe ColdFusion servers under attack from APT group

A nation-state cyber-espionage group is actively hacking into Adobe ColdFusion servers and planting backdoors for future operations, Volexity researchers have told ZDNet. The attacks have been taking place since late September and have targeted ColdFusion servers that were not updated with security patches that Adobe released two weeks before, on September 11. It appears that hackers studied Adobe’s September patches and figured out how to exploit CVE-2018-15961 to their advantage. Classified as an “unauthenticated file upload,” this vulnerability allowed this APT group (APT stands for advanced persistent threat, another term used to describe nation-state cyber-espionage groups) to surreptitiously upload a version of the China Chopper… Source link

Read More »

The Long Tail of ColdFusion Fail — Krebs on Security

Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today’s post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions. Last Tuesday’s story looked at two victims; the jam and jelly maker Smucker’s, and SecurePay, a credit card processor based in Georgia. Most of the companies contacted for this story did not respond to requests for comment. The few business listed that did respond had remarkably similar stories to tell about the ordeal of trying to keep their businesses up and running in the face of such… Source link

Read More »