BROADCASTS.com

b'CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers.\\nAA23-074A Alert, Technical Details, and Mitigations\\nAA23-074A STIX XML\\nMAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server\\nTelerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935)\\nACSC Advisory 2020-004\\nBishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI\\nVolexity Threat Research: XE Group\\nGitHub: Proof-of-Concept Exploit for CVE-2019-18935\\nMicrosoft: Configure Logging in IIS\\nGitHub: CVE-2019-18935\\nNo-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.\\nSee CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.\\nU.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center\\u2019s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov\\xa0\\nTo report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.'