December 6, 2023 at 05:32PM
An unidentified actor exploited a patched Adobe ColdFusion vulnerability, CVE-2023-26360, on two US government agency servers, targeting legacy versions for reconnaissance without data theft or lateral movement. Adobe and CISA had previously ranked the flaw critical. Security tools detected the incidents, highlighting risks inherent in legacy systems.
Meeting Takeaways:
1. Unidentified attackers exploited a critical patched vulnerability, CVE-2023-26360, in Adobe ColdFusion, affecting two web servers at a US federal agency earlier this year.
2. CISA reported no evidence of data theft or lateral network movement but confirmed the incidents were likely reconnaissance efforts.
3. The attacks occurred in June and July, targeting legacy, unsupported ColdFusion versions on the servers.
4. Adobe patched the vulnerability in March after reports of its active exploitation, and it was subsequently added to CISA’s Known Exploited Vulnerabilities catalog.
5. Adobe ColdFusion is less popular but still used by many organizations, including 60% of Fortune 500 companies, presenting a significant target for attackers.
6. In the June attack, the threat actor performed network checks and attempted to collect sensitive information after breaching the server.
7. In the subsequent July attack, the same or a different attacker breached another web server, exploring potential for lateral movement and collecting network and administrative information.
8. Microsoft Defender for Endpoint detected the potential exploit and triggered alerts in the agency’s pre-production environment.
9. Security professionals emphasize the risk posed by legacy systems like ColdFusion due to lack of updates and support, prevalence in organizations, and reduced monitoring.
10. The situation underlines the importance of regular software updates, advanced security measures, and transitioning away from unsupported legacy systems to mitigate vulnerabilities and cyber threats.