Ransomware actor exploits unsupported ColdFusion servers — but comes away empty-handed

Servers are always a point of interest for threat actors as they are one of the most efficient attack vectors to penetrate an organization. Server-related accounts often have the highest privilege levels, making lateral movement to other machines in the network easily achievable.

Sophos X-Ops has observed a wide variety of threats being delivered to servers, with the most common payloads being Cobalt Strike Beacons, ransomware, fileless PowerShell backdoors, miners, and webshells. In September and early October, we saw several efforts by a previously unknown actor to leverage vulnerabilities in obsolete, unsupported versions of Adobe’s ColdFusion Server software to gain access to the Windows servers they ran on and pivot to deploying ransomware. None of these attacks were successful,…

