US Government IIS Server Breached via Telerik Software Flaw

16 March 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed information regarding a .NET deserialization vulnerability (CVE-2019-18935) in the Progress Telerik user interface (UI) for ASP.NET AJAX. CISA described the findings in an advisory on Wednesday, saying multiple cyber-threat actors were able to exploit the flaw, which also affected the Microsoft Internet Information Services (IIS) web server of a federal civilian executive branch (FCEB) agency between November 2022 and January 2023.

Read full article on Infosecurity

Date:

16 March 2023

Categorie(s):

NEWS

Tag(s):

Flaws, IIS, Servers, Softwares, Telerik

AI Helps Improve About Managed Detection and Response26 April 2024
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland – SWN #38126 April 2024
Impact of organizational structure on ransomware outcomes: Where does your org fit in?26 April 2024
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets26 April 2024
Kaiser Permanente handed over 13.4M people’s data to Microsoft, Google, others26 April 2024