Critical ColdFusion flaws exploited in attacks to drop webshells

July 17, 2023, 4:26 p.m. | Lawrence Abrams

BleepingComputer www.bleepingcomputer.com

Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers. [...]

attacks authentication bypass coldfusion critical exploited exploiting flaws hackers install security servers vulnerabilities vulnerable webshells

Visit resource

More from www.bleepingcomputer.com / BleepingComputer

Iranian hackers pose as journalists to push backdoor malware 13 hours ago | www.bleepingcomputer.com

actor apt42 attacks backdoor +20

Android bug can leak DNS traffic with VPN kill switch enabled 1 day, 6 hours ago | www.bleepingcomputer.com

android android devices block bug +15

Android bug leaks DNS queries even when VPN kill switch is enabled 1 day, 6 hours ago | www.bleepingcomputer.com

android android devices block bug +14

NSA warns of North Korean hackers exploiting weak DMARC email policies 1 day, 8 hours ago | www.bleepingcomputer.com

apt43 attacks authentication dmarc +19

Google rolls back reCaptcha update to fix Firefox issues 1 day, 10 hours ago | www.bleepingcomputer.com

back bug captcha firefox +11

NATO and EU condemn Russia's cyberattacks against Germany, Czechia 1 day, 12 hours ago | www.bleepingcomputer.com

apt28 campaign countries cyber +14

Microsoft rolls out passkey auth for personal Microsoft accounts 1 day, 12 hours ago | www.bleepingcomputer.com

accounts auth authenticate biometric +20

CEO who sold fake Cisco devices to US military gets 6 years in prison 2 days, 5 hours ago | www.bleepingcomputer.com

ceo cisco companies counterfeit +14

Bitwarden launches new MFA Authenticator app for iOS, Android 2 days, 7 hours ago | www.bleepingcomputer.com

android android devices app authenticator +12

DevSecOps Engineer

@ Material Bank | Remote

View on infosec-jobs.com

Instrumentation & Control Engineer - Cyber Security

@ ASSYSTEM | Bridgwater, United Kingdom

View on infosec-jobs.com

Security Consultant

@ Tenable | MD - Columbia - Headquarters

View on infosec-jobs.com

Management Consultant - Cybersecurity - Internship

@ Wavestone | Hong Kong, Hong Kong

View on infosec-jobs.com

TRANSCOM IGC - Cybersecurity Engineer

@ IT Partners, Inc | St. Louis, Missouri, United States

View on infosec-jobs.com

Manager, Security Operations Engineering (EMEA)

@ GitLab | Remote, EMEA

View on infosec-jobs.com

View more jobs

all InfoSec news

Critical ColdFusion flaws exploited in attacks to drop webshells

More from www.bleepingcomputer.com / BleepingComputer

Jobs in InfoSec / Cybersecurity

DevSecOps Engineer

Instrumentation & Control Engineer - Cyber Security

Security Consultant

Management Consultant - Cybersecurity - Internship

TRANSCOM IGC - Cybersecurity Engineer

Manager, Security Operations Engineering (EMEA)