Month: January 2025

Cybersecurity News

Adobe released Security updates Addressing critical ColdFusion vulnerability with (PoC) Exploit code

Adobe released security updates (APSB24-107) addressing an arbitrary file system vulnerability ColdFusion, identified as CVE-2024-53961,  is linked to a path traversal weakness with proof-of-concept (PoC) exploit code.

This could allow attackers to exploit the flaw and gain unauthorized access to arbitrary files on vulnerable servers. 

As per the updates Adobe ColdFusion versions 2023 and 2021 that addressed an arbitrary file proof-of-concept may enable attackers to read arbitrary files on vulnerable servers, potentially leading to unauthorized access and data exposure warns of critical ColdFusion bug with PoC exploit code.

Summary:

“Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read,” Adobe earlier gave statement cautioning customers that it assigned a “Priority 1” severity rating to the flaw because it has a “a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.”

Key findings:

  • The vulnerability, CVE-2024-53961, affects ColdFusion 2021 and 2023.
  • Adobe has provided a patch to address the issue.
  • The vulnerability can potentially lead to unauthorized access and data exposure
  • The flaw has been given a Priority 1 severity rating, the highest possible level, due to its potential for exploitation in the wild.
  • Adobe has highlighted the critical nature of these updates and classified the vulnerability with a CVSS base score of 7.4, signifying a threat to the security of affected systems. 

Adobe has issued advisory

  • Monitor systems for any signs of exploitation.
  • Adobe has provided a patch to address the vulnerability remediation to mitigate the risk of exploitation.
  • Consider implementing file system monitoring and logging to detect and prevent unauthorized file access.

Path traversal weakness in ColdFusion; CVE-2024-53961

What is Path Traversal?

Hackers uses a tactics by Tricking a web application into displaying the contents of a directory that was not on request by user to gain access to sensitive files on a server.

The path traversal weakness in ColdFusion could be exploited by an attacker to perform unauthorized file system reads on affected servers.

This means that an attacker could manipulate file paths to access sensitive files that are otherwise restricted. This kind of vulnerability can lead to exposure of critical system information, unauthorized access and data exposure.

Reference: https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/

Cybersecurity News

Sophisticated Phishing Attack Exposed Over 600,000 Users to Data Theft; 16 Chrome Extensions Hacked

A sophisticated phishing attack exposed 600, 000 user data to theft as 16 Chrome Extensions got hacked amounting to credential theft. The attack targeted extension publishers through phishing emails where Developers were tricked into granting access to a malicious OAuth app via fake Chrome Web Store emails. The malicious update mimicked official communications from the Chrome Web Store, stealing sensitive user data.

This breach puts Facebook ad users at high risk of account hacking or unknown access

Summary of the attack

The phishing email was designed to create a sense of urgency posing as Google Chrome Web Store Developer Support, warns the employee of the extension removal for policy violations. The message urges the recipient to accept the publishing policy.

As per Cyberhaven, a cybersecurity firm report mentioned about the impacted firms as the attack occurred on December 24 and involved phishing a company employee to gain access to their Chrome Web Store admin credentials.

16 Chrome Extensions, including popular ones like “AI Assistant – ChatGPT and Gemini for Chrome,” “GPT 4 Summary with OpenAI,” and “Reader Mode,” were compromised, exposing sensitive user data.

Response & Recommendations:

The attackers targeted browser extension publishers with phishing campaigns to gain access to their accounts and insert malicious code.
Extensions such as “Rewards Search Automator” and “Earny – Up to 20% Cash Back” were used to exfiltrate user credentials and identity tokens, particularly from Facebook business accounts.
Malicious versions of extensions communicated with external Command-and-Control (C&C) servers, such as domains like “cyberhavenext[.]pro.”

  • Cyberhaven released a legitimate update (version 24.10.5), hired Mandiant to develop an incident response plan and also notified federal law enforcement agencies for investigation.
  • All users advised to revoke credentials, monitor logs, and secure extensions; investigations continue.
  • As per Cyberhaven, version 24.10.4 of Chrome extension was affected, and the malicious code was active for less than a day.
  • The malicious extension used two files: worker.js contacted a hardcoded C&C server to download configuration and executed HTTP calls, and content.js that collected user data from targeted websites and exfiltrated it to a malicious domain specified in the C&C payload.

Scroll to top