#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

web server security | Breaking Cybersecurity News | The Hacker News

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Dec 06, 2023 Vulnerability / Web Server Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a  high-severity Adobe ColdFusion vulnerability  by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution," CISA  said , adding an unnamed federal agency was targeted between June and July 2023. The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023. It was added by CISA to the Known Exploited Vulnerabilities (KEV) catalog a day later, citing evidence of active exploitation in the wild. Adobe, in an advisory released around that time, said it's aware of the flaw being "exploited in the wild in very limited attacks."
Why Businesses Should Consider Managed Cloud-Based WAF Protection

Why Businesses Should Consider Managed Cloud-Based WAF Protection

Feb 28, 2020
The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that cyber-attacks are not only costly in terms of time and money but also bring extensive legal liability with them. According to Juniper Research 's prediction, the cost of a data breach could cross $150 million by 2020. With the rising cost of data breaches and cyber-attacks, cybersecurity has become a board room conversation on an unprecedented scale. In this ever-connected online world, web application security is the cornerstone of the overall cybersecurity of any company. When it comes to application security, web application firewall (WAF) based protection has been the first line of defense against web attacks for a while now. A web application firewall is deployed in fron
The Drop in Ransomware Attacks in 2024 and What it Means

The Drop in Ransomware Attacks in 2024 and What it Means

Apr 08, 2024Ransomware / Cybercrime
The  ransomware industry surged in 2023  as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070.  But 2024 is starting off showing a very different picture.  While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure 1: Victims per quarter There could be several reasons for this significant drop.  Reason 1: The Law Enforcement Intervention Firstly, law enforcement has upped the ante in 2024 with actions against both LockBit and ALPHV. The LockBit Arrests In February, an international operation named "Operation Cronos" culminated in the arrest of at least three associates of the infamous LockBit ransomware syndicate in Poland and Ukraine.  Law enforcement from multiple countries collaborated to take down LockBit's infrastructure. This included seizing their dark web domains and gaining access to their backend sys
BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks

BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks

Sep 03, 2019
Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick up an unknown, untrusted USB drive and plug it into their computer. Collectively dubbed " USBAnywhere ," the attack leverages several newly discovered vulnerabilities in the firmware of BMC controllers that could let an unauthorized, remote attacker connect to a Supermicro server and virtually mount malicious USB device. Comes embedded with a majority of server chipsets, a baseboard management controller (BMC) is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without havin
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
New Apache Web Server Bug Threatens Security of Shared Web Hosts

New Apache Web Server Bug Threatens Security of Shared Web Hosts

Apr 02, 2019
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet. The vulnerability, identified as CVE-2019-0211 , was discovered by Charles Fol , a security engineer at Ambionics Security firm, and patched by the Apache developers in the latest version 2.4.39 of its software released today. The flaw affects Apache HTTP Server versions 2.4.17 through 2.4.38 and could allow any less-privileged user to execute arbitrary code with root privileges on the targeted server. "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interprete
Cybersecurity Resources