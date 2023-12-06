HamberMenu
  1. Elections
  2. Health
  3. Editorial
  4. SEARCH Icon
  1. Elections
  2. Health
  3. Editorial
  4. SEARCH Icon

To enjoy additional benefits

ShowcaseCrossword+

CONNECT WITH US

Hackers use patched security bug in Adobe ColdFusion to compromise U.S. agencies

U.S. cybersecurity agency issued a warning against hackers actively exploiting a critical vulnerability in Adobe ColdFusion to gain access to government servers

December 06, 2023 03:27 pm | Updated 03:27 pm IST

The Hindu Bureau
Hackers are actively exploiting a critical security bug in Adobe ColdFusion to gain initial access to government servers, compromising the security of government agencies.

Hackers are actively exploiting a critical security bug in Adobe ColdFusion to gain initial access to government servers, compromising the security of government agencies. | Photo Credit: Reuters

Hackers are actively exploiting a critical security bug in Adobe ColdFusion to gain initial access to government servers, compromising the security of government agencies.

The security bug in Adobe ColdFusion was exploited as zero day before the software maker fixed it in mid-March. However, the use of outdated versions of the software prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning urging federal organisations and state services to apply the available security patch.

According to CISA, hackers are leveraging the security bug in the software to insert malware in the HTTPS pathway associated with ColdFusion.

ALSO READ
Adobe unveils over 100 new AI features across products and three new Firefly models

The malware allows hackers to install code, which in turn is used to extract credentials. Hackers were also found to delete files used in the attack to hide their presence.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

The use of an outdated version of the software to compromise security highlights the need to ensure that latest available security patches are installed.

CISA recommended upgrading ColdFusion to the latest available version, applying network segmentation, enforcing signed software execution policies and implementation of firewalls to fight off the attacks.

Related stories

Related Topics

technology (general) / internet / World / cyber crime

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.