The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a cybersecurity advisory in collaboration with the Federal Bureau of Investigation and the Multi-State Information Sharing and Analysis Center (MS-ISAC), warning of malicious cyber activity targeting a federal civilian executive branch (FCEB) agency.
Analysts have identified that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a vulnerability in Progress Telerik UI for ASP.NET AJAX.
The vulnerability, CVE-2019-18935, allows for remote code execution, and Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.
To mitigate similar malicious cyber activities, CISA recommends that organizations implement a patch management solution to ensure compliance with the latest security patches, validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services, and limit service accounts to the minimum permissions necessary to run services.
In the cybersecurity advisory, IT infrastructure defenders are provided with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar exploitation.
The exploitation of a .NET deserialization vulnerability in Progress Telerik UI for ASP.NET AJAX, which allows for remote code execution, underscores the importance of applying software updates and security patches in a timely manner.
Failure to do so can leave organizations vulnerable to cyber attacks, with cybercriminals seeking to exploit known vulnerabilities in popular software platforms to gain unauthorized access to networks and systems.
To prevent such exploits, organizations must remain vigilant and ensure that their security systems are up to date with the latest patches and updates.
