11 December 2023

I'm Shocked that US Govt Agencies Don't Care about Security

Or not enough to patch vulnerable software since March. "Hackers breach US govt agencies using Adobe ColdFusion exploit"

CISA, the Cybersecurity and Infrastructure Security Agency (which was apparently named by the Department of Redundancy Department, and has the world's worst logo), points out that government agencies don't give an F about security, or protecting your data.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.

ColdFusion is a web development platform. Adobe released the patches to the various systems in March of this year. Government agencies couldn't be bothered to install them.

It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6.

So... March 6th to December 5th, the date CISA issued its latest warning, and there are government agencies that couldn't be bothered to update the software against known problems. There are both federal and state agencies in that category of "I don't care," apparently.

And I'm not shocked that govt agencies can't be bothered to do their jobs.
