CISA Implements Ransomware Warning Program for Critical Infrastructure

A US federal agency's Microsoft IIS web server was hacked through a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component. At least two threat actors exploited the bug to gain remote code execution on the unpatched server. The attackers had access to the server between November 2022 and early January 2023. The malware installed on the compromised IIS server could deploy additional payloads, evade detection by deleting its traces on the system, and open reverse shells to maintain persistence. The vulnerability, CVE-2019-18935, was also included in the NSA's list of the top 25 security bugs abused by Chinese hackers and the FBI's list of top targeted vulnerabilities.
- US federal agency hacked using old Telerik bug to steal data (BleepingComputer)
- CISA Launches Ransomware Warning Pilot for Critical Infrastructure (Nextgov)
- CISA Trials Ransomware Warning System for Critical Infrastructure Orgs (Dark Reading)
- CISA Creates New Ransomware Vulnerability Warning Program (Infosecurity Magazine)
- 'Multiple Threat Actors' Used Old Exploit to Access Federal Agency Servers (Nextgov)