Hands up who hasn’t used this years-old weakness to compromise a US government web server…
Multiple criminal crews, at least one of them potentially a nation-state group, broke into the Microsoft Internet Information Services web server of a US federal government agency by exploiting a critical Telerik bug, public for three years, to achieve remote code execution.
A joint alert issued this week by the FBI, CISA, and America’s Multi-State Information Sharing and Analysis Center (MS-ISAC) claims that the incident occurred between November 2022 and the beginning of January.
According to the advisory, federal authorities discovered the intrusion after spotting warning signs at a federal civilian executive branch agency. The agency was not named.
According to the joint advisory, analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server.
The process of converting a memory data structure into a sequence of bytes for storage or transmission is known as serialization. This is reversed by deserialization, which transforms a data stream into a memory object.
According to Mandiant, deserialization vulnerabilities are essentially the result of applications placing too much trust in data that a user (or attacker) can tamper with. They affect multiple programming languages and applications.
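To make the “too much trust in tampered data” point concrete, here is an added illustration of the general .NET pattern behind this bug class, written for this article; it is not Telerik’s code and not taken from the advisory, and the `UploadConfig` type and both helper classes are hypothetical. The weak call lets a `__type` field in the request choose which class gets instantiated; the hardened one names the expected type and only resolves names on a fixed allow-list.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Script.Serialization; // System.Web.Extensions.dll, .NET Framework

// Hypothetical DTO that an upload handler expects from the client.
public class UploadConfig
{
    public string TargetFolder { get; set; }
    public int MaxFileSize { get; set; }
}

// Weak pattern: SimpleTypeResolver honours a "__type" field in the JSON, so the
// sender of the request, not the application, decides which .NET type is created.
public static class UnsafeDeserializer
{
    public static object Parse(string untrustedJson)
    {
        var serializer = new JavaScriptSerializer(new SimpleTypeResolver());
        return serializer.Deserialize<object>(untrustedJson);
    }
}

// Hardened pattern: a resolver that only maps names on a fixed allow-list.
public sealed class AllowListTypeResolver : JavaScriptTypeResolver
{
    private static readonly Dictionary<string, Type> Allowed =
        new Dictionary<string, Type> { { "UploadConfig", typeof(UploadConfig) } };

    public override Type ResolveType(string id)
    {
        Type t;
        if (Allowed.TryGetValue(id, out t)) return t;
        // Any other "__type" value is rejected instead of being instantiated.
        throw new InvalidOperationException("Type not permitted in untrusted input: " + id);
    }

    public override string ResolveTypeId(Type type)
    {
        foreach (var kv in Allowed) if (kv.Value == type) return kv.Key;
        throw new InvalidOperationException("Type not registered: " + type.FullName);
    }
}

public static class SafeDeserializer
{
    // The call site states the expected type; the payload cannot widen it.
    public static UploadConfig Parse(string untrustedJson)
    {
        var serializer = new JavaScriptSerializer(new AllowListTypeResolver());
        return serializer.Deserialize<UploadConfig>(untrustedJson);
    }
}
```

The same review question applies to any deserializer, in any language: does the input stream, rather than the application, get to pick the type that is constructed?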
This Telerik bug, which was first disclosed in 2019, has a CVSS severity score of 9.8 and is particularly popular with Beijing-backed criminals. In 2020 it made the top 25 list of computer security flaws that Chinese government hackers use to break into networks and steal data.
We’d be willing to bet that the advanced persistent threat (APT) player is one of President Xi Jinping’s cyber-goon squads, even though the Feds don’t name it in their alert. Additionally, it is evident that no one in the federal government was informed of the importance of applying security updates promptly.
The advisory states that Telerik UI for ASP.NET AJAX builds prior to R1 2020 (2020.1.114) are the only ones that are vulnerable. CISA also discovered malicious files and other signs of compromise in a separate malware analysis.
In addition, the cybersecurity agency recommends that businesses limit permissions to the minimum required to run services and keep up with patching to ensure that their software is up to date.
The alert is the latest in a string of high-profile break-ins and data thefts at the US government. The FBI said last week that it was looking into a breach of DC Health Link’s servers in which thieves stole personal information belonging to staff and members of Congress.
The Affordable Care Act’s online marketplace for healthcare plans for members of Congress, their families, and staff is DC Health Link. On dark web forums, some of that stolen data is currently for sale.
Additionally, the US Marshals Service acknowledged at the end of February that a major breach of its information security defenses resulted in the spread of ransomware and the exfiltration of law enforcement sensitive information.