
Hands up who hasn’t used this years-old weakness to compromise a US government web server…

By exploiting a critical three-year-old Telerik bug to achieve remote code execution, multiple criminals, potentially including at least one nation-state group, broke into the Microsoft Internet Information Services web server of a US federal government agency.

A joint alert issued this week by the FBI, CISA, and America’s Multi-State Information Sharing and Analysis Center (MS-ISAC) claims that the incident occurred between November 2022 and the beginning of January.

According to the advisory, federal authorities discovered the intrusion after spotting warning signs at a federal civilian executive branch agency. The agency's name was not included.

According to the joint advisory, analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server.

The process of converting a memory data structure into a sequence of bytes for storage or transmission is known as serialization. This is reversed by deserialization, which transforms a data stream into a memory object.

According to Mandiant, deserialization vulnerabilities are essentially the result of applications placing too much trust in data that a user (or attacker) can tamper with. They affect multiple programming languages and applications.

This Telerik bug, which was first discovered in 2019, has a CVSS severity score of 9.8 and is particularly popular with criminals with Beijing backing. In 2020, it made the top 25 list of computer security flaws that Chinese government hackers use to hack into networks and steal data.

We’d be willing to bet that the advanced persistent threat (APT) player is one of President Xi Jinping’s cyber-goon squads, even though the Feds don’t name it in their alert. Additionally, it is evident that no one in the federal government was informed of the importance of applying security updates promptly.

The advisory states that Telerik UI for ASP.NET AJAX builds prior to R1 2020 (2020.1.114) are the only ones that are vulnerable. CISA also discovered malicious files and other signs of compromise in a separate malware analysis.

In addition, the cybersecurity agency recommends that businesses limit permissions to the minimum required to run services and keep up with patching to ensure that their software is up to date.
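The version boundary quoted above (builds prior to R1 2020, 2020.1.114) can be turned into a quick patch-status triage over an asset inventory. This is an added example, not code from the advisory or from Progress; the host names and version strings are constructed, and it assumes versions are recorded as `year.release.build` with an optional fourth component that is ignored.

```python
import re

# First build the advisory text above describes as not vulnerable: R1 2020.
FIRST_UNAFFECTED = (2020, 1, 114)

# Assumed format: year.release.build, optionally followed by a fourth field.
_VERSION_RE = re.compile(r"^\s*v?(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?\s*$")


def parse_build(version):
    """Return (year, release, build) as ints, or None if unparseable."""
    m = _VERSION_RE.match(version or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version):
    """Classify one recorded version against the CVE-2019-18935 boundary."""
    build = parse_build(version)
    if build is None:
        return "unknown"  # never treat an unreadable version as safe
    # Compare numerically: as strings, "2020.1.23" would sort after "2020.1.114".
    return "vulnerable" if build < FIRST_UNAFFECTED else "unaffected"


def triage(inventory):
    """Group hosts by status; unknowns are kept apart for manual review."""
    report = {"vulnerable": [], "unaffected": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("web-01", "2019.3.1023"),
    ("web-02", "2020.1.114"),
    ("web-03", "2018.2.516.45"),
    ("web-04", "2021.1.224"),
    ("web-05", "not recorded"),
    ("web-06", "2020.1.23"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group need their installed build confirmed by hand before they can be ruled out.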

The most recent security alert follows a string of high-profile break-ins and data thefts at the US government. The FBI said last week that it was looking into a breach of DC Health Care Link’s servers where thieves stole personal information from staff and members of Congress.

DC Health Link is the Affordable Care Act’s online marketplace for healthcare plans for members of Congress, their families, and staff. Some of that stolen data is currently for sale on dark web forums.

Additionally, the US Marshals Service acknowledged at the end of February that a major breach of its information security defenses resulted in the spread of ransomware and the exfiltration of law enforcement sensitive information.
