Hackers have breached a US federal agency's systems twice by exploiting an unpatched vulnerability in Adobe ColdFusion. Despite an order for agencies to patch the bug by April 5, the agency failed to meet the deadline, leaving its systems exposed. The attackers targeted older versions of ColdFusion that are no longer supported by Adobe. They compromised public-facing servers and gained a foothold on two agency systems, then dropped malware and a remote access trojan (RAT) on the compromised servers. The Cybersecurity and Infrastructure Security Agency (CISA) has recommended upgrading all affected versions of ColdFusion and keeping software up to date to mitigate the vulnerability [b673caf4].
These widespread cyberattacks targeting various software platforms highlight the importance of staying vigilant and promptly applying security updates to protect against potential exploits. Organizations should prioritize cybersecurity measures and ensure they have the latest patches installed to mitigate the risk of data breaches and other malicious activities.
In a separate incident, multiple cybersecurity organizations have observed exploitation attempts against a critical Atlassian Confluence vulnerability that was disclosed and patched last week. The vulnerability, tracked as CVE-2023-22527, is a remote code execution (RCE) flaw affecting Atlassian Confluence Data Center and Confluence Server versions between 8.0.x and 8.5.3. Exploitation could allow an unauthenticated attacker to achieve RCE on an affected instance. The Shadowserver Foundation observed the earliest exploitation attempts beginning on Jan. 19, just three days after disclosure. As of Monday, more than 11,000 vulnerable instances remained. GreyNoise observed 37 malicious IP addresses attempting to exploit the vulnerability. Rapid7 also confirmed exploitation attempts, but reported that those attempts have so far been ineffective. SANS Technology Institute's Internet Storm Center detected initial exploitation activity on Monday, which has since 'exploded' according to Johannes Ullrich. Atlassian has urged users to patch the vulnerability and to engage their local security team to check for evidence of compromise. This marks the third time in four months that a critical Atlassian Confluence flaw has drawn threat actors' attention; the previous vulnerabilities were tracked as CVE-2023-22518 and CVE-2023-22515.
These incidents highlight the ongoing challenges organizations face in maintaining the security of their software systems. It is crucial for organizations to promptly apply security patches and updates to protect against potential exploits. Regular vulnerability assessments and proactive security measures are essential to mitigate the risk of cyberattacks and data breaches.