Adobe ColdFusion 2023 Updates: New Features, Enhancements, and Migration Strategies

米サイバーセキュリティインフラストラクチャセキュリティ庁（CISA）は、「Adobe ColdFusion」をはじめ、脆弱性6件に対する悪用が確認されているとして注意を呼びかけた。Apple製品、CMS、BIツールなども対象となっている。 現地時間1月8日に「悪用が確認された脆弱性カタログ（KEV）」へ6件の脆弱性を追加したもの。いずれも悪用が確認されており、広く注意を呼びかけたもので、米行政機関などでは一定期間内に対応する義務がある。 「Adobe ColdFusion」に関しては、2023年7月に緊急性が高い脆弱性として修正された脆弱性「CVE-2023-38203」「CVE-2023-29300」が同リストへ追加された。信頼できないデータをデシリアライズし、リモートよりコードを実行されるおそれがある。 また「macOS」や「iOS」などApple製品のフォント解析処理に明らかとなった脆弱性「CVE-2023-41990」を同カタログへ加えた。「watchOS」「tvOS」なども影響を受ける。 同脆弱性は、2023年1月から7月にかけてリリースした各製品のアップデートにて修正したとされているが、アドバイザリ公表当時は脆弱性について公表していなかった。 CVE番号が採番されたのは同年9月に入ってからで同月各製品のセキュリティアドバイザリに追記。iOSを標的とした攻撃が行われたことを明らかにした。同脆弱性の悪用についてはKasperskyが言及している。

【セキュリティ ニュース】脆弱性6件に対する攻撃に注意を喚起 - 米当局（1ページ目 / 全2ページ）：Security NEXT

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

Source: https://thehackernews.com/2023/08/critical-adobe-coldfusion-flaw-added-to.html

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

http://securitytc.com/SznCmq

YouTube Video Summaries Enhanced by Eightify AI ChatGPT In an era where information inundates us at every turn, the art of distillation has become paramount. Imagine having the ability to swiftly extract the essence of lengthy YouTube videos, gaining a comprehensive understanding of their main points in a matter of moments. Enter Eightify AI ChatGPT, a revolutionary tool designed to reshape how we engage with online video content. Elevate Your Video Engagement With the advent of Eightify AI ChatGPT, delving into the heart of YouTube videos has never been easier. By seamlessly integrating with Chrome and Safari, this innovative extension empowers users to swiftly access condensed summaries of videos. The Chrome extension, offering unparalleled convenience, allows users to unlock key ideas instantaneously, eliminating the need to sift through extensive content. The Power of Summarization Dive deep into subjects spanning from business education to behavioral genetics, and from personal growth to AI trends. Eightify AI ChatGPT redefines the way you acquire knowledge from diverse sources. Whether it's insights from "Google Panics Over ChatGPT" by ColdFusion or personal musings in "If I Started a YouTube Channel in 2023, I'd Do This" by Ali Abdaal, the tool condenses content while preserving its essence. Crossing Boundaries and Saving Time Language barriers crumble as This AI ChatGPT presents summaries that transcend linguistic obstacles. Engage with content like "GPT, GPT-2, GPT-3 论文精读" by Mu Li, and seamlessly bridge the language gap. Decision-making accelerates as seen in "Sony XM4 vs XM5 | Which headphones are better?" by Mark Ellis Reviews, where This AI ChatGPT assists in swiftly evaluating options. In a world where information reigns supreme, Eightify AI ChatGPT emerges as the ultimate ally. It paves the way for efficient learning, decision-making, and idea extraction from an expansive range of YouTube videos. Experience the Future of Learning and Engagement with This AI ChatGPT. Install the Chrome extension now, and embrace a new dimension of efficiency and knowledge acquisition. Features Chrome and Safari Extensions: With our user-friendly Chrome and Safari extensions, accessing video summaries is as easy as a click. No more hassle, just efficiency. Quick Access to Key Ideas: Bid farewell to long-winded videos! this AI ChatGPT generates concise summaries that capture the main points of the video, ensuring you get the crucial information in a fraction of the time. Advantages Business Education Simplified: Stay ahead in the business world by swiftly grasping the core insights from videos like "Google Panics Over ChatGPT [The AI Wars Have Begun]" by ColdFusion. Optimize Personal Growth: Immerse yourself in personal development videos like "If I Started a YouTube Channel in 2023, I'd Do This" by Ali Abdaal, and accelerate your journey towards self-improvement. Decisiveness Made Easy: Make informed choices more efficiently after watching comparative videos such as "Sony XM4 vs XM5 | Which headphones are better?" by Mark Ellis Reviews. Benefits Time Efficiency: Get key takeaways without the time commitment of watching entire videos, allowing you to explore more topics in less time. Language Barrier Breakdown: Overcome language constraints with ease, as Eightify AI ChatGPT helps you comprehend videos like "GPT, GPT-2, GPT-3 论文精读【论文精读】" by Mu Li, even if they are not in your native language. Stay Trendy: Stay up-to-date with AI and GPT trends, expanding your knowledge effortlessly. Ready to revolutionize your YouTube experience? Try this AI ChatGPT today and unlock the potential of streamlined learning. Whether it's business insights, personal growth, or informed decisions, Eightify AI ChatGPT has you covered. Save time, absorb more, and make the most of your YouTube journey. Experience the future of video consumption!

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

The Hacker News : The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 ( http://dlvr.it/Sv02nK Posted by : Mohit Kumar ( Hacker )

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

http://i.securitythinkingcap.com/SzlVXg

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

http://i.securitythinkingcap.com/Szkb5M

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

Source: https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html

More info: https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

The Hacker News : Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild. The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions: ColdFusion 2023 (Update http://dlvr.it/SsRn7P Posted by : Mohit Kumar ( Hacker )

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)

http://i.securitythinkingcap.com/SsMYsq