
Guess what happened to this US agency using outdated software?
2023-06-19 14:32

Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution?

The US Cybersecurity and Infrastructure Security Agency and FBI warned about the first intrusion into a federal civilian executive branch agency's Microsoft IIS web server back in March, and said the snafu happened between November 2022 and early January.

On Thursday, the feds updated the March alert and said a forensic analysis of a different federal civilian executive branch agency "Identified exploitation of CVE-2017-9248 in the agency's IIS server by unattributed APT actors - specifically within the Telerik UI for ASP.NET AJAX DialogHandler component."

In other news, security researchers at VulnCheck spotted the first malicious GitHub repository claiming to be a Signal zero-day in May. They reported the scam to GitHub, and it was taken down.

"The accounts all pretend to be part of a non-existent security company called High Sierra Cyber Security."

VulnCheck includes a list of seven phoney GitHub accounts, seven GitHub repositories, and four Twitter accounts, and cautions that if you've interacted with any of them, you may have been compromised.

News URL: https://go.theregister.com/feed/www.theregister.com/2023/06/19/old_telerik_bug_exploited/

Related Vulnerability

Date: 2017-07-03
CVE: CVE-2017-9248
Vulnerability title: Insufficiently Protected Credentials vulnerability in Telerik Sitefinity CMS and UI for ASP.NET AJAX
Description: Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Risk: score 7.5; attack vector: network; attack complexity: low; vendor: telerik; weakness: CWE-522
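Because both the intrusion write-up above and the vulnerability record point at the same component, the Telerik UI for ASP.NET AJAX DialogHandler on an IIS server, one thing a defender can do immediately is look for traffic to that handler in IIS logs. The following is an added example, not code from The Register, CISA or Telerik: it parses IIS W3C log lines (a constructed sample is embedded) and counts DialogHandler requests per client address. The handler file name Telerik.Web.UI.DialogHandler.aspx and the log field names are assumptions based on Telerik's and IIS's usual naming.

```python
from collections import Counter

# Constructed sample IIS W3C log excerpt (not taken from the article).
# Only the columns named in the #Fields header are used, so a real log with
# more columns parses the same way.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
2022-11-14 03:10:01 10.0.0.5 GET /Telerik.Web.UI.DialogHandler.aspx dp=AAAA 203.0.113.7 200
2022-11-14 03:10:02 10.0.0.5 GET /Telerik.Web.UI.DialogHandler.aspx dp=AAAB 203.0.113.7 200
2022-11-14 03:10:02 10.0.0.5 GET /Telerik.Web.UI.DialogHandler.aspx dp=AAAC 203.0.113.7 200
2022-11-14 03:11:40 10.0.0.5 GET /index.aspx - 198.51.100.9 200
2022-11-14 03:12:05 10.0.0.5 POST /contact.aspx - 198.51.100.9 302
"""

# Assumed file name of the DialogHandler component (lower-cased for matching).
DIALOG_HANDLER = "telerik.web.ui.dialoghandler.aspx"


def parse_iis_log(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def dialog_handler_hits(text):
    """Return a Counter of {client_ip: number of requests to the DialogHandler}."""
    hits = Counter()
    for rec in parse_iis_log(text):
        if rec["cs-uri-stem"].lower().endswith(DIALOG_HANDLER):
            hits[rec["c-ip"]] += 1
    return hits


def flag_sources(text, threshold=2):
    """Client addresses whose DialogHandler request count reaches the threshold.

    Any hit on the handler is worth a look on a server that should not expose
    it; the threshold only ranks the noisiest sources first for triage.
    """
    return sorted(ip for ip, n in dialog_handler_hits(text).items() if n >= threshold)


if __name__ == "__main__":
    print(dict(dialog_handler_hits(SAMPLE_IIS_LOG)))
    print(flag_sources(SAMPLE_IIS_LOG))
```

Feed a real u_ex*.log file to the same functions after confirming the #Fields header names match your IIS logging configuration, and pair any hit with a check of the installed Telerik.Web.UI.dll version against the fixed release named in the record above.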