Adobe Coldfusion vulnerability used in attacks on government servers

The Cybersecurity and Infrastructure Security Agency put out a Cybersecurity Advisory to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers.
Adobe ColdFusion is a platform for building and deploying web and mobile applications.
The Common Vulnerabilities and Exposures database lists publicly disclosed computer security flaws.
The exploited vulnerability is listed as CVE-2023-26360, which affects Adobe ColdFusion versions 2018 Update 15 and 2021 Update 5.
The vulnerability is an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user.
A patch for this vulnerability has been available since March 14, 2023.
As we reported at the time, Adobe stated it was aware that CVE-2023-26360 had been exploited in the wild in very limited attacks.
The due date for patching the vulnerability set by CISA was April 5, 2023.
The problem is that the vulnerability also affects ColdFusion 2016 and ColdFusion 11 installations, which have reached end-of-life and are no longer supported with security patches.
According to the CSA, CISA now has confirmation that the vulnerability has been used in attacks on two Federal Civilian Executive Branch.
An analysis of network logs has reportedly confirmed the compromise of at least two public-facing servers within agencies' environments between June and July 2023.
Both servers were running outdated versions of the software that were vulnerable due to several unpatched flaws.
The investigation learned that it was a reconnaissance attack, and there was no evidence of data theft or lateral movement in the network.
In the CSA, CISA shares several indicators of compromise and tactics, techniques, and procedures used in the two attacks.
Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs. Prevent intrusions.
Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Use EDR or MDR to detect unusual activity before an attack occurs.
Keep backups offsite and offline, beyond the reach of attackers.
Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.


This Cyber News was published on www.malwarebytes.com. Publication date: Wed, 06 Dec 2023 14:43:06 +0000


Cyber News related to Adobe Coldfusion vulnerability used in attacks on government servers

Hackers breach US govt agencies using Adobe ColdFusion exploit - The U.S. Cybersecurity and Infrastructure Security Agency is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows ...
11 months ago Bleepingcomputer.com
CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw - An unidentified threat actor or threat actors gained access to two public facing Web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion. The intrusions appear ...
11 months ago Darkreading.com
Hackers Exploit Adobe ColdFusion Flaw to Hack Government Servers - A recent cybersecurity advisory from CISA has brought to light a formidable cyber onslaught, revealing an alarming breach where faceless hackers capitalized on a critical vulnerability within Adobe ColdFusion. This exploit targeted government ...
11 months ago Cybersecuritynews.com
Adobe Coldfusion vulnerability used in attacks on government servers - The Cybersecurity and Infrastructure Security Agency put out a Cybersecurity Advisory to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for ...
11 months ago Malwarebytes.com
CISA: Adobe ColdFusion flaw leveraged to access government servers - Unknown attackers have leveraged a critical vulnerability in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency has shared. CVE-2023-26360 is a deserialization of ...
11 months ago Helpnetsecurity.com
Lawmakers: Ban TikTok to Stop Election Misinformation! Same Lawmakers: Restrict How Government Addresses Election Misinformation! - In a case being heard Monday at the Supreme Court, 45 Washington lawmakers have argued that government communications with social media sites about possible election interference misinformation are illegal. Just this week the vast majority of those ...
8 months ago Eff.org
CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency - A security flaw in Adobe's ColdFusion application development tool that was patched in March continues to be a headache for organizations running unpatched versions of the product. This week, the U.S. Cybersecurity and Infrastructure Security Agency ...
11 months ago Securityboulevard.com
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
11 months ago Go.theregister.com
CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
6 years ago
CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
6 years ago
CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
6 years ago
CVE-2009-2985 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. ...
6 years ago
CVE-2009-2988 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: ...
6 years ago
CVE-2009-2986 - Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2981 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: ...
6 years ago
CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2980 - Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2997 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2992 - An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: ...
6 years ago
CVE-2009-2982 - An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: ...
6 years ago
CVE-2009-2979 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: ...
6 years ago
CVE-2009-2993 - The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows ...
6 years ago
CVE-2009-2983 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2994 - Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html ...
6 years ago
What a failed attack against ColdFusion revealed about ransomware tools and tactics - A recent attack levied against servers running out-of-date Adobe software sheds some light on how threat actors are currently trying to exploit systems and deploy ransomware. In this recent attack, which took place in September and early October, the ...
1 year ago Scmagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)