'Blue Mockingbird', a threat actor, targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The attacker leverages the CVE-2019-18935 flaw, a critical severity (CVSS v3.1: 9.8) deserialisation that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. In May 2020, the same threat actor was observed targeting vulnerable Microsoft IIS Servers that used Telerik UI. Sophos researchers reported this week that, according...
Read more