55.1 F
Washington D.C.
Sunday, December 3, 2023

CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities

Today, CISA, the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released an update for joint Cybersecurity Advisory (CSA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server.

This iteration of the CSA—now renamed Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers—is based on the forensic analysis and identified exploitation of CVE-2017-9248 at an additional FCEB agency. Activity identified at this agency is separate from the CVE-2019-18935 exploitation listed in the original publication; analysis is provided as context for existing vulnerabilities within Telerik UI for ASP.NET AJAX. Further, this update provides a timetable and context of unattributed APT actor activity that highlights events, including identified malicious files.

CISA, FBI, and MS-ISAC encourage network defenders to review this update and refer to the accompanying Malware Analysis Report, MAR-10443863-1.v1 CVE-2017-9248 Exploitation in U.S. Government IIS Server for analysis of the newly identified malicious files.

Read more at CISA

Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles

Verified by MonsterInsights