Coldfusion blog

Guerrilla RF and Adobe partner to deliver website enhancements, dramatically reducing development operations cycle times

GREENSBORO, NC–(BUSINESS WIRE)–Guerrilla RF (GRF) today announced that it has entered into a collaboration with Adobe to deploy its award-winning web application development platform, ColdFusion, within the Guerrilla RF web development workflow. By deploying Adobe’s ColdFusion solutions, Guerrilla RF was able to significantly reduce the development time associated with building and optimizing traditional websites. In […]

Coldfusion training

Ransomware patch or perish: attackers exploit ColdFusion

[ad_1] Security of critical infrastructures, Cybercrime, Cybercrime as-a-service Cring Ransomware Unleashed After Attackers Exploited Unpatched Flaw From 2009 Mathew J. Schwartz (euroinfosec) • September 27, 2021 Ransom note left by attackers using Cring ransomware (Source: Sophos) To fight ransomware, experts advise security teams to stay on top of how attackers hacked their latest victims. In […]

Coldfusion blog

Attackers use old Windows ColdFusion server to spread Cring ransomware

[ad_1] The old is sometimes not gold, especially when it comes to old versions of ColdFusion running on versions of Windows that have reached end of life, as the global company demonstrated. Sophos security through its research on a server that was taken over by strangers. actors using Cring ransomware. Andrew Brandt, Senior Researcher at […]

Coldfusion training

Cring Ransomware Gang Exploits 11 Year Old ColdFusion Bug

[ad_1] Unidentified malicious actors broke into a server running an unpatched 11-year-old version of Adobe’s ColdFusion 9 software in minutes to take remote control and deploy file-encrypting Cring ransomware to the target’s network 79 hours after the hack. The server, which was owned by an anonymous service company, was used to collect timesheets and accounting […]

Coldfusion blog

Intrusion Truth details work of suspected Chinese hackers indicted in US

[ad_1] Written by Sean Lyngaas May 6, 2021 | CYBERSCOOP Intrusion Truth, a mysterious group known for exposing alleged Chinese cyber-espionage operations, released a new investigation on Thursday that tracked front companies allegedly used by two Chinese men indicted by a US grand jury last year. The findings highlight a dynamic that U.S. law enforcement […]

Adobe coldfusion

Addressed critical code execution vulnerability in Adobe ColdFusion

[ad_1] Adobe has released out of band security updates to address a critical vulnerability affecting ColdFusion 2021, 2016, and 2018 releases. Today’s emergency updates fix an arbitrary code execution security vulnerability caused by a Bad Input Validation software vulnerability. Adobe has released ColdFusion 2016 Update 17, ColdFusion 2018 Update 11, and ColdFusion 2021 Update 1 […]

Coldfusion blog

Red Team FireEye tools stolen in cyberattack

[ad_1] FireEye urges organizations to take precautions after suspected nation-state hackers raped the security provider and stole its Red Team tools. The massive cyber attack, which FireEye revealed on Tuesday, was perpetrated by “a nation with leading offensive capabilities,” CEO Kevin Mandia wrote in a blog post. As part of the cyberattack, tools from the […]

Coldfusion blog

Red Team FireEye tools stolen in cyber attack

[ad_1] FireEye urges organizations to take precautions after suspected nation-state hackers raped the security provider and stole its Red Team tools. the massive cyber attack, which FireEye revealed on Tuesday, was perpetrated by “a nation with outstanding offensive capabilities,” CEO Kevin Mandia wrote in a blog post. As part of the cyberattack, tools from the […]

Coldfusion webinar

Adobe releases critical fixes for Acrobat Reader, Photoshop, Bridge, ColdFusion

[ad_1] While not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to address a total of 41 new security vulnerabilities. Adobe last week made a prior announcement to notify its users of an upcoming security update for Acrobat and Reader, but the company today disclosed bugs […]

Coldfusion blog

Hackers Exploit Recently Fixed ColdFusion Vulnerability

[ad_1] A Chinese group APT hacked web servers by exploiting a vulnerability in Adobe ColdFusion which was patched in September and for which no exploit has been publicly released. The vulnerability, identified as CVE-2018-15961, affects ColdFusion 11 Update 14 and earlier, ColdFusion 2016 Update 6 and earlier, and the ColdFusion 2018 release of July 12. […]

Coldfusion blog

Adobe ColdFusion bug recently fixed and exploited by the Chinese APT

[ad_1] A suspected Chinese APT group exploited the recently patched ColdFusion vulnerability in the wild by compromising a vulnerable ColdFusion server after directly downloading a China Chopper webshell. The targeted servers had not been updated with the patch released two weeks earlier. Volexity researchers observed the active exploitation of the recently fixed CVE-2018-15961 vulnerability, a […]

Adobe coldfusion

Adobe ColdFusion servers attacked by APT group

[ad_1] A nation-state cyber espionage group is actively hacking Adobe ColdFusion servers and installing backdoors for future operations, Volexity researchers told ZDNet. The attacks have been taking place since late September and have targeted ColdFusion servers that were not updated with security patches released by Adobe two weeks earlier on September 11. It looks like […]

Coldfusion blog

The Long Tail of ColdFusion Fail – Krebs on Security

Earlier this month I posted a story about a criminal hacking gang using Adobe Cold Fusion vulnerabilities to create a botnet of hacked e-commerce sites that were exploited for customer credit card data. Today’s article examines the impact this botnet has had on several companies, as well as the important and costly lessons these companies […]

Adobe coldfusion

Hackers breached Washington state court with Adobe ColdFusion flaw

[ad_1] Hackers used a flaw in Adobe’s ColdFusion software to violate the Washington State Courts Administrative Office. Hackers may have accessed 160,000 social security numbers and up to one million driver’s license numbers, according to a court statement Thursday. The court only confirmed that 94 Social Security numbers were definitely taken, however, and believes the […]