CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

December 6, 2023 at 05:32PM

An unidentified actor exploited a patched Adobe ColdFusion vulnerability, CVE-2023-26360, on two US government agency servers, targeting legacy versions for reconnaissance without data theft or lateral movement. Adobe and CISA had previously ranked the flaw critical. Security tools detected the incidents, highlighting risks inherent in legacy systems. Meeting Takeaways: 1. …

CISA details twin attacks on federal servers via unpatched ColdFusion flaw

December 5, 2023 at 12:47PM

CISA reported two server breaches at a federal agency due to an unpatched Adobe ColdFusion flaw (CVE-2023-26360). The attackers exploited the vulnerability for reconnaissance and malware deployment, but their further malicious activities were hindered. The incidents occurred months after agencies were ordered to patch the flaw, and the attackers’ identities …