US Federal Agencies Hacked by Multiple Threat Actors Exploiting Old Flaws.

Criminals, including potentially an APT group, exploited a three-year-old Telerik bug to break into a US federal government agency's Microsoft Internet Information Services web server between November 2022 and early January. The Feds became aware of the intrusion after spotting warning signs at a federal civilian executive branch agency. The Telerik bug, which received a 9.8 out of 10 CVSS severity score, was first discovered in 2019 and is especially popular with Beijing-backed criminals. The cybersecurity agency suggests organizations stay on top of patching to ensure their software is up to date and limit permissions to the minimum necessary to run services.
- Hands up who DIDN'T exploit this years-old flaw to ransack a US govt web server... (The Register)
- CISA: Federal civilian agency hacked by nation-state and criminal hacking groups (CyberScoop)
- Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns (DARKReading)
- 'Multiple Threat Actors' Used Old Exploit to Access Federal Agency Servers (Nextgov)
- CISA Creates New Ransomware Vulnerability Warning Program (Infosecurity Magazine)