Daily NCSC-FI news followup 2020-01-20

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

www.bleepingcomputer.com/news/security/citrix-patches-cve-2019-19781-flaw-in-citrix-adc-111-and-120/ Citrix released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances, which allows unauthenticated attackers to perform arbitrary code execution. Besides releasing these permanent fixes for the CVE-2019-19781 flaw, Citrix also says that it has fast-forwarded the “availability of permanent fixes for other ADC versions and for SD-WAN WANOP,” with the new dates being: ADC version 12.1, now January 24; ADC version 13 and ADC version 10.5, now January 24; SD-WAN WANOP fixes, now January 24.

Citrix ADC Exploits Update

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Update/25724/ In today’s diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots.

Ransomware shuts down production at Flemish multinational

www.vrt.be/vrtnws/en/2020/01/13/ransomware-shuts-down-production-at-flemish-multinational/ A cyber-attack partially incapacitated operations at West Flemish weaving machine producer Picanol. Plants in Ieper (Belgium), Romania and China are hit.

Kela's system failed: thousands of important documents went undelivered, swallowed by a black hole for nearly 2 years

www.tivi.fi/uutiset/tv/0b2e888b-9ebd-4b93-9967-65fbd9bc8630 Kela attributes what happened to a human error made during an update.

Mitsubishi Electric discloses security breach, China is main suspect

www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/ In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.

The Secretive Company That Might End Privacy as We Know It

www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html A little-known start-up helps law enforcement match photos of unknown people to their online images and “might lead to a dystopian future or something,” a backer says.

Emotet Malware Dabbles in Extortion With New Spam Template

www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and invoices. In a new template shared with BleepingComputer by security researcher ExecuteMalware, the Emotet operators have started to use a similar extortion template that states “YOUR COMPUTER HACKED!” and that the recipient’s data was stolen. According to Emotet expert Joseph Roosen, this campaign first started around January 15th, 2020.

Deep Dive into the Lyceum Danbot Malware

cyberx-labs.com/blog/deep-dive-into-the-lyceum-danbot-malware/ LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organizations with ICS such as oil and gas companies in the Middle East. The group may have been active since as early as April 2018. In this blog post by Section 52, CyberX's IoT/ICS threat intelligence team, we go beyond past research by reverse-engineering: the malicious macro used to deliver the DanBot malware executable; the specific commands used in DNS tunneling and HTTP/S communication with its C&C server; the directory structure of the malware; the Visual Basic scripts contained in the malware; and other technical details.

NATO will send a counter-hybrid team to Montenegro to face Russia's threat

securityaffairs.co/wordpress/96627/cyber-warfare-2/montenegro-nato-hybrid-attacks.html The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks.

Ubisoft sues handful of gamers for DDoSing Rainbow Six: Siege

www.theregister.co.uk/2020/01/20/ubisoft_sues_gamers_rainbow_six_ddos_claim/ Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of its best-selling game, Tom Clancy’s Rainbow Six: Siege (R6S).
