CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

December 7, 2023 Coldfusion 0

CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor… Source link

Read More »

Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

December 6, 2023 Coldfusion 0

Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

An unidentified threat actor or threat actors gained access to two public facing Web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion. The intrusions appear to have been part of a reconnaissance attempt by the attackers to map out the agency’s broader network, but there’s no evidence of data exfiltration or lateral movement on the compromised network, the US Cybersecurity and Infrastructure Security Agency (CISA) said this week. Two Intrusions In an advisory, the agency described the attacks as taking place in June and July and involving CVE-2023-26360, an improper access control vulnerability that enables remote code execution on affected systems. The vulnerability affects multiple ColdFusion… Source link

Read More »
© Copyright 2024, All Rights Reserved