Government Servers Breached by Hackers Exploiting Adobe ColdFusion Vulnerability

December 6, 2023 at 10:10 AM

•

1 min read

Government Servers Breached by Hackers Exploiting Adobe ColdFusion Vulnerability — Photo: The Hacker News

TL;DR Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. The vulnerability, CVE-2023-26360, allows for arbitrary code execution and affects outdated versions of ColdFusion 2018 and ColdFusion 2021. At least two public-facing servers were compromised, and the attackers were able to drop malware and perform reconnaissance activities. No data exfiltration has been observed, but the threat actors attempted to decrypt passwords using the seed values found in the ColdFusion seed.properties file.

Topics:business #coldfusion #cybersecurity #federal-agency #server-breach #threat-actors #vulnerability

Share this article

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers The Hacker News
Hackers breach US govt agencies using Adobe ColdFusion exploit BleepingComputer
Attackers breach US government agencies through ColdFusion flaw CSO Online
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) Help Net Security
CISA says US government agency was hacked thanks to ‘end of life’ software TechCrunch

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

80%

482 → 94 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights