CISA details twin attacks on federal servers via unpatched ColdFusion flaw
CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability.
In a Tuesday advisory, CISA revealed that the federal civilian executive branch agency in question was successfully attacked in June and into July, meaning the vulnerability went unpatched for more than three months after CISA's deadline.
CISA did not respond to questions about whether the agency has now patched the vulnerability, who was behind the attack, or its stance on the missed deadline.
Analysis of logs revealed that the two servers identified as compromised were hit in what appear to be two separate attacks.
It's believed both campaigns were designed as reconnaissance efforts to understand the broader network, although CISA also declined to say if the two attacks were linked to the same operators.
CISA said it's highly likely that the attackers accessed the ColdFusion seed value and encryption method used to encrypt passwords - a method that can also be used to decrypt them.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/05/cisa_coldfusion_government/