CISA reveals how fed agency succumbed to ColdFusion attacks • The Register

CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March and was shortly after added to CISA’s known exploited vulnerability (KEV) catalog, setting an April 5 deadline for agencies to fix the issue. In a Tuesday advisory, CISA revealed the federal civilian executive branch (FCEB) in question was successfully attacked in June and into July, meaning the vulnerability went unpatched for more than three months after CISA’s deadline. CISA did not respond to questions about whether the agency has now patched the vulnerability,…

Federal agency breached through Adobe ColdFusion vulnerability

Public-facing servers at a U.S. federal agency were compromised by hackers in June and July through a vulnerability in a popular product from Adobe, according to the nation’s leading cybersecurity agency. The unidentified hackers exploited CVE-2023-26360 — a bug affecting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) as well as earlier installations of the software that Adobe no longer supports. ColdFusion is a tool used by organizations for rapid web-application development, allowing them to build web applications and integrate things like databases and other third-party libraries. An analysis of network logs confirmed the compromises, according to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, through the…

Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6. At the time, CISA published a notice about threat actors exploiting the flaw and urged federal organizations and state services to apply the available security updates. In an alert today, America’s Cyber Defense Agency warns that CVE-2023-26360 is still leveraged in attacks,…

CISA details twin attacks on federal servers via unpatched ColdFusion flaw • The Register

CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March and was shortly after added to CISA’s known exploited vulnerability (KEV) catalog, setting an April 5 deadline for agencies to fix the issue. In a Tuesday advisory, CISA revealed the federal civilian executive branch (FCEB) in question was successfully attacked in June and into July, meaning the vulnerability went unpatched for more than three months after CISA’s deadline. CISA did not respond to questions about whether the agency has now patched the vulnerability, who was behind the attack, or its stance on the missed…

ColdFusion Exploit Used to Access Federal Agency

Unknown attackers exploited a known access control vulnerability in two Adobe ColdFusion application servers at a federal government agency in June, gaining access to the environment, uploading a webshell, and adding malicious code to the servers. There were two separate incidents at the unnamed agency in June, and according to a new advisory from the Cybersecurity and Infrastructure Security Agency the attacks may be the work of one group or two separate groups. The intrusions appeared to be focused on reconnaissance and mapping out the network infrastructure, and CISA said there is no evidence that data was exfiltrated during the intrusions. In both instances, the attackers exploited CVE-2023-26360 in ColdFusion, a bug that Adobe released a fix for in March. “In both…

What a failed attack against ColdFusion revealed about ransomware tools and tactics

A recent attack levied against servers running out-of-date Adobe software sheds some light on how threat actors are currently trying to exploit systems and deploy ransomware. In this recent attack, which took place in September and early October, the threat actors hoped to gain access to Windows servers and, subsequently, deploy ransomware payloads. While the attack wasn’t successful, lessons must be learned here. According to an analysis by Sophos researchers who uncovered the attack, the threat actor was trying to deploy ransomware created using leaked source code from the family of ransomware known as LockBit 3.0. This is a trend Sophos researchers noticed in other campaigns, as well. The attackers likely chose the LockBit 3.0 ransomware family because of its speed and…
