Hackers use patched security bug in Adobe ColdFusion to compromise U.S. agencies

December 06, 2023 03:27 pm | Updated 03:27 pm IST

The U.S. cybersecurity agency issued a warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion to gain access to government servers

The Hindu Bureau

Hackers are actively exploiting a critical security bug in Adobe ColdFusion to gain initial access to government servers, compromising the security of government agencies.

The security bug in Adobe ColdFusion was exploited as a zero-day before the software maker fixed it in mid-March. However, the use of outdated versions of the software prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning urging federal organisations and state services to apply the available security patch.

According to CISA, hackers are leveraging the security bug in the software to insert malware in the HTTPS pathway associated with ColdFusion.

The malware allows hackers to install code, which in turn is used to extract credentials. Hackers were also found to have deleted files used in the attack to hide their presence.

The use of an outdated version of the software to compromise security highlights the need to ensure that the latest available security patches are installed.

CISA recommended upgrading ColdFusion to the latest available version, applying network segmentation, enforcing signed software execution policies and implementing firewalls to fight off the attacks.

