Daily NCSC-FI news followup 2020-01-13

Citrix ADC Exploits: Overview of Observed Payloads

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/ Now that there are public exploits for Citrix ADC, we are seeing many attacks and are observing various payloads. For the moment, after normalization, we observed 37 different payloads

Who else works for this cover company network?

intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network/ In our previous articles we identified a network of front companies for APT activity in Hainan, and showed that Gu Jian, an academic at Hainan University, is listed as a contact person for one of these companies Hainan Xiandun. Additionally, Gu Jian appeared to manage a network security competition at the university and was reportedly seeking novel ways of cracking passwords, offering large

Microsoft Enables Security Defaults in Azure Active Directory

www.bleepingcomputer.com/news/microsoft/microsoft-enables-security-defaults-in-azure-active-directory/ Microsoft introduced new secure default settings dubbed ‘Security Defaults’ to Azure Active Directory (Azure AD), now available for all license levels, including trial tenants. Security Defaults in Azure AD is a set of basic Microsoft-recommended identity security mechanisms containing preconfigured security settings for common attacks such as password spray, replay, and phishing.