Outdated Vulnerability Exploited by Multiple Hacker Groups to Breach US Federal Agency.

TL;DR Summary
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The flaw, tracked as CVE-2019-18935, is a .NET deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX that, if left unpatched, could lead to remote code execution. Organizations are advised to upgrade their instances of Telerik UI for ASP.NET AJAX to the latest version, implement network segmentation, and enforce phishing-resistant multi-factor authentication for accounts that have privileged access.
- Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (The Hacker News)
- Hands up who DIDN'T exploit this years-old flaw to ransack a US govt web server... (The Register)
- CISA: Federal civilian agency hacked by nation-state and criminal hacking groups (CyberScoop)
- Nation state hackers exploited years-old bug to breach a US federal agency (TechCrunch)
- US Government IIS Server Breached via Telerik Software Flaw (Infosecurity Magazine)