Outdated Vulnerability Exploited by Multiple Hacker Groups to Breach US Federal Agency.
Originally Published 2 years ago — by The Hacker News
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The vulnerability, tracked as CVE-2019-18935, relates to a .NET deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX that, if left unpatched, could lead to remote code execution. Organizations are recommended to upgrade their instances of Telerik UI ASP.NET AJAX to the latest version, implement network segmentation, and enforce phishing-resistant multi-factor authentication for accounts that have privileged access.