Security News > 2023 > June > Guess what happened to this US agency using outdated software?

Guess what happened to this US agency using outdated software?
2023-06-19 14:32

Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution?

The US Cybersecurity and Infrastructure Security Agency and FBI warned about the first intrusion into a federal civilian executive branch agency's Microsoft IIS web server back in March, and said the snafu happened between November 2022 and early January.

On Thursday, the feds updated the March alert and said a forensic analysis of a different federal civilian executive branch agency "Identified exploitation of CVE-2017-9248 in the agency's IIS server by unattributed APT actors - specifically within the Telerik UI for ASP.NET AJAX DialogHandler component."

Security researchers at VulnCheck spotted the first malicious GitHub repository claiming to be a Signal zero-day in May. They reported the scam to GitHub, and it was taken down.

"The accounts all pretend to be part of a non-existent security company called High Sierra Cyber Security."

VulnCheck includes a list of seven phoney GitHub accounts, seven GitHub repositories, and four Twitter accounts, and cautions that if you've interacted with any of them, you may have been compromised.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/19/old_telerik_bug_exploited/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-07-03 CVE-2017-9248 Insufficiently Protected Credentials vulnerability in multiple products
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
network
low complexity
telerik progress CWE-522
critical
9.8