Threat Actors Exploit CVE-2019-18935 to Gain Remote Access and Elevate Privileges
A series of cyberattacks targeting US federal agencies and other organizations has been reported, all exploiting a critical vulnerability (CVE-2019-18935) in Progress Telerik UI for ASP.NET AJAX. This vulnerability, with a severity rating of 9.8, allows remote code execution and has been actively exploited by multiple threat actors, including advanced persistent threat (APT) groups and financially motivated cybercriminals. The attacks chain this vulnerability with older Telerik flaws to obtain encryption keys, then upload malicious files and execute remote shells. US cybersecurity agencies, including CISA, FBI, and MS-ISAC, have issued advisories recommending urgent mitigation measures such as patching, upgrading software, implementing network segmentation, and adopting zero-trust principles. These incidents highlight the critical importance of timely patch management, especially for internet-facing systems, and the need for robust security measures including Endpoint Detection and Response (EDR) solutions.