Hackers are exploiting pre-authentication RCE flaws in Adobe ColdFusion. The vulnerabilities pose a risk to Windows and macOS users. Fortinet researchers discovered that attackers inject payloads into the 'argumentCollection' parameter of the URI '/CFIDE/adminapi/accessmanager.cfc'. They use domains like mooo-ng[.]com, redteam[.]tf, and h4ck4fun[.]xyz to validate the vulnerabilities. The attacks originate from IP addresses 81[.]68[.]214[.]122, 81[.]68[.]197[.]3, and 82[.]156[.]147[.]183. Malware variants, including XMRig Miner, DDoS/Lucifer, RudeMiner, and BillGates/Setag, were detected. Despite fixes being introduced, the flaws are still being exploited, so users should upgrade affected systems. #AdobeColdFusion #RCE #vulnerabilities #cybersecurity

https://cybersecuritynews.com/pre-authentication-rce-adobe-coldfusion/
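
A log triage sketch for the indicators named in the note, added here as an example (it is not from the linked article or from Fortinet). It assumes web server access logs in common/combined log format; the sample lines are constructed, and the 203.0.113.x and 198.51.100.x addresses are documentation ranges.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Indicators exactly as listed in the note; kept defanged in source, refanged in memory.
TARGET_PATH = "/cfide/adminapi/accessmanager.cfc"
PARAM = "argumentcollection"
REPORTED_IPS = ["81[.]68[.]214[.]122", "81[.]68[.]197[.]3", "82[.]156[.]147[.]183"]
KNOWN_IPS = {ip.replace("[.]", ".") for ip in REPORTED_IPS}

# Assumed layout (common/combined log format): client IP, timestamp, quoted request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def scan(lines):
    """Return one finding per request that reaches the accessmanager.cfc endpoint."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Normalise case, percent-encoding and doubled slashes before comparing.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if path != TARGET_PATH:
            continue
        params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        findings.append({
            "line": n,
            "ip": m["ip"],
            "method": m["method"],
            "status": int(m["status"]),
            "param_in_query": PARAM in params,   # POST bodies are not in access logs
            "known_source": m["ip"] in KNOWN_IPS,
        })
    return findings

# Constructed sample log lines (not real traffic); parameter values are placeholders.
SAMPLE = [
    '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.cfm HTTP/1.1" 200 512',
    f'{sorted(KNOWN_IPS)[0]} - - [01/Jan/2024:10:00:05 +0000] "POST /CFIDE/adminapi/accessmanager.cfc HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cfide/adminapi/accessmanager.cfc?argumentCollection=PLACEHOLDER HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /CFIDE//adminapi/%61ccessmanager.cfc?ArgumentCollection=PLACEHOLDER HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any hit on this endpoint from outside an administrative network deserves review regardless of source address; the `known_source` flag only marks the three addresses the note reports.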
