Image Credits: Bryce Durbin / TechCrunch
U.S. cybersecurity agency CISA has warned that unknown hackers broke into the servers of a federal government agency by taking advantage of a previously known vulnerability in software that no longer receives updates, meaning the agency couldn't have patched it even if it wanted to.
On Tuesday, CISA released an advisory detailing two separate cyberattacks on an unnamed federal government agency. The hackers attacked the agency in June and July by targeting public-facing servers that were running outdated or end-of-life Adobe ColdFusion software, used for building web applications.
End-of-life software means that the developer has announced publicly it will no longer be supported or receive further software or security updates. Running end-of-life software is by definition risky because it cannot be patched, exposing the organization that runs the software to cyberattacks.
CISA said there is no evidence the attackers planted malware or did anything more than look around in the hacked agency's network.
“Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map out the broader network,” but CISA conceded that it could not confirm if data was exfiltrated from the agency's network.
CISA spokesperson Antonio Soliz declined to comment when asked by TechCrunch for more information on who the agency believes are the hackers responsible for targeting the government agency.
In the advisory, CISA said it didn't know if the two cyberattacks were performed by the same hackers.
In both cyberattacks, Microsoft Defender for Endpoint, Windows' native antivirus software, alerted the agency to the potential exploitation of the Adobe ColdFusion vulnerability and “quarantined” the hackers' activities.
In March, CISA ordered all federal agencies to patch one of the known vulnerabilities in Adobe ColdFusion that were exploited in these attacks, CVE-2023-26360.
UPDATE, December 6, 4:31 p.m. ET: This story was updated to include the no comment from the CISA spokesperson.