CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor…

Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

An unidentified threat actor or threat actors gained access to two public facing Web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion. The intrusions appear to have been part of a reconnaissance attempt by the attackers to map out the agency’s broader network, but there’s no evidence of data exfiltration or lateral movement on the compromised network, the US Cybersecurity and Infrastructure Security Agency (CISA) said this week.

Two Intrusions

In an advisory, the agency described the attacks as taking place in June and July and involving CVE-2023-26360, an improper access control vulnerability that enables remote code execution on affected systems. The vulnerability affects multiple ColdFusion…

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared.

About the exploited vulnerability

CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”. CVE-2023-26360 affected Adobe ColdFusion versions 2021, 2018, 2016 and 11, but Adobe provided patches only for the former two, as ColdFusion 2016 and 11 had previously reached the end of their (product) lifecycle. CISA added the…

Attackers breach US government agencies through ColdFusion flaw

In a new advisory that shows why it’s critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and collect information that would enable lateral movement in the environments. The breached ColdFusion instances were outdated in both cases as the exploited vulnerability had a fix available since March. “Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map the broader network,” CISA said in its advisory without attributing the attacks to any known group. “No…
