All articles tagged with #federal agency
CISA disclosed that hackers exploited an unpatched GeoServer vulnerability (CVE-2024-36401) to breach a U.S. federal agency's network, gaining access through web shells and remote access scripts, and moving laterally within the network before detection. The agency urges prompt patching, enhanced monitoring, and improved incident response to prevent similar attacks.
The FEMA Review Council is examining FEMA's core responsibilities and exploring ways to shift more disaster response duties to states and other partners, amid ongoing flood responses and criticisms of FEMA's federal response effectiveness, with a final report due to the White House by November 16.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. The vulnerability, CVE-2023-26360, allows for arbitrary code execution and affects outdated versions of ColdFusion 2018 and ColdFusion 2021. At least two public-facing servers were compromised, and the attackers were able to drop malware and perform reconnaissance activities. No data exfiltration has been observed, but the threat actors attempted to decrypt passwords using the seed values found in the ColdFusion seed.properties file.
US Senator Michael Bennet has introduced an updated version of legislation that would establish a Federal Digital Platform Commission to regulate AI products. The revised bill expands on the definition of an algorithmic process and would create requirements for algorithmic audits and public risk assessments of the harms their tools could cause. The bill retains existing language mandating that the commission ensure platform algorithms are “fair, transparent, and safe.” The added emphasis on AI highlights how Congress is rapidly gearing up for policymaking on a cutting-edge technology it is scrambling to understand.
Multiple threat actors, including one working for a nation-state, gained access to a US federal agency's network by exploiting a four-year-old vulnerability that remained unpatched. Both groups exploited a code-execution vulnerability tracked as CVE-2019-18935 in a developer tool known as the Telerik user interface (UI) for ASP.NET AJAX. The vulnerability was not detected for four years, and the agency's vulnerability scanner failed to detect it due to the Telerik UI software being installed in a file path it does not typically scan. The breach is the result of someone in the unnamed agency failing to install a patch that had been available for years.
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The vulnerability, tracked as CVE-2019-18935, relates to a .NET deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX that, if left unpatched, could lead to remote code execution. Organizations are recommended to upgrade their instances of Telerik UI ASP.NET AJAX to the latest version, implement network segmentation, and enforce phishing-resistant multi-factor authentication for accounts that have privileged access.