Security experts advise security teams to keep current on how attackers have been hacking their latest victims. Attackers exploited two publicly known flaws – CVE-2010-2861 and then CVE-2009-3960 – in the victim’s 11-year-old installation of Adobe ColdFusion 9, which is a no-longer-supported web-application development platform. “The incident serves as a stark reminder that IT administrators cannot leave out-of-date critical business systems facing the public internet,” says Sophos.”]
Source: https://www.fraudtoday.io/blogs/ransomware-patch-or-perish-attackers-exploit-coldfusion-p-3126