Saturday, December 21, 2013

Installation of IIS malware through ColdFusion flaw

Attackers used an authentication bypass vulnerability in Adobe's ColdFusion software as a stepping stone in an attack that infected web servers with malware. Additional details about the attack emerged in recent days as researchers from Trustwave's SpiderLabs continued to dig into reports of malware disguised as modules for Microsoft's Internet Information Services (IIS) software. According to Trustwave, the malware - which they have dubbed ISN - is designed to steal data and targets information in POST requests. The vulnerability the attackers used was CVE-2013-0629, which Adobe actually patched back in January. "It is important to also highlight the criticality of having an expedited patching life-cycle," Trustwave's Ryan Barnett blogged, noting that in one incident, the targeted organizations was compromised less than two months after Adobe disclosed the vulnerability. <more>

No comments: