Coldfusion blog

Microsoft’s Late Summer Software Security Cleanup Fixes Over 80 Bugs • The Register

Tuesday patch For its September Patch Tuesday, Microsoft released fixes for 66 vulnerabilities as well as 20 Chromium security bugs in Microsoft Edge. Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and Windows Subsystem for Linux. Of these CVE, three are rated critical, one is rated moderate, and […]

Adobe coldfusion

Addressed critical code execution vulnerability in Adobe ColdFusion

Adobe has released out of band security updates to address a critical vulnerability affecting ColdFusion 2021, 2016, and 2018 releases. Today’s emergency updates fix an arbitrary code execution security vulnerability caused by a Bad Input Validation software vulnerability. Adobe has released ColdFusion 2016 Update 17, ColdFusion 2018 Update 11, and ColdFusion 2021 Update 1 to […]

Coldfusion blog

Red Team FireEye tools stolen in cyberattack

FireEye urges organizations to take precautions after suspected nation-state hackers raped the security provider and stole its Red Team tools. The massive cyber attack, which FireEye revealed on Tuesday, was perpetrated by “a nation with leading offensive capabilities,” CEO Kevin Mandia wrote in a blog post. As part of the cyberattack, tools from the FireEye […]

Coldfusion blog

Red Team FireEye tools stolen in cyber attack

FireEye urges organizations to take precautions after suspected nation-state hackers raped the security provider and stole its Red Team tools. the massive cyber attack, which FireEye revealed on Tuesday, was perpetrated by “a nation with outstanding offensive capabilities,” CEO Kevin Mandia wrote in a blog post. As part of the cyberattack, tools from the FireEye […]

Coldfusion webinar

Adobe releases critical fixes for Acrobat Reader, Photoshop, Bridge, ColdFusion

While not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to address a total of 41 new security vulnerabilities. Adobe last week made a prior announcement to notify its users of an upcoming security update for Acrobat and Reader, but the company today disclosed bugs in […]

Coldfusion training

Adobe fixes critical security vulnerabilities in Coldfusion

Adobe has released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are classified as critical because they allow code execution and can bypass access controls. The other is a tagged review because it allows information disclosure. The most critical issue is the code execution vulnerability as it could potentially allow a server […]

Coldfusion blog

Hackers Exploit Recently Fixed ColdFusion Vulnerability

A Chinese group APT hacked web servers by exploiting a vulnerability in Adobe ColdFusion which was patched in September and for which no exploit has been publicly released. The vulnerability, identified as CVE-2018-15961, affects ColdFusion 11 Update 14 and earlier, ColdFusion 2016 Update 6 and earlier, and the ColdFusion 2018 release of July 12. It […]

Coldfusion blog

Adobe ColdFusion bug recently fixed and exploited by the Chinese APT

A suspected Chinese APT group exploited the recently patched ColdFusion vulnerability in the wild by compromising a vulnerable ColdFusion server after directly downloading a China Chopper webshell. The targeted servers had not been updated with the patch released two weeks earlier. Volexity researchers observed the active exploitation of the recently fixed CVE-2018-15961 vulnerability, a critical […]