#CVE202326360

CISA details twin attacks on federal servers via unpatched ColdFusion flaw

by

December 5, 2023 at 12:47PM CISA reported two server breaches at a federal agency due to an unpatched Adobe ColdFusion flaw (CVE-2023-26360). The attackers exploited the vulnerability for reconnaissance and malware deployment, but their further malicious activities were hindered. The incidents occurred months after agencies were ordered to patch the flaw, and the attackers’ identities … Read more

Hackers breach US govt agencies using Adobe ColdFusion exploit

by

December 5, 2023 at 12:07PM CISA warns of ongoing attacks exploiting a critical Adobe ColdFusion vulnerability (CVE-2023-26360), despite a fix. Hackers targeted government servers, installing malware and conducting reconnaissance. Although attacks were contained, CISA stresses updating ColdFusion and enhancing security measures. Meeting Takeaways: 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a … Read more