Daily NCSC-FI news followup 2020-01-20

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

www.bleepingcomputer.com/news/security/citrix-patches-cve-2019-19781-flaw-in-citrix-adc-111-and-120/ Citrix released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances and allowing unauthenticated attackers to perform arbitrary code execution. Besides releasing these permanent fixes for the CVE-2019-19781 flaw, Citrix also says that it has fast-forwarded the “availability of permanent fixes for other ADC versions and for SD-WAN WANOP,” with the new dates being moved to: ADC version 12.1, now January 24; ADC version 13 and ADC version 10.5, now January 24; SD-WAN WANOP fixes, now January 24.

Citrix ADC Exploits Update

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Update/25724/ In today’s diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots.

Ransomware shuts down production at Flemish multinational

www.vrt.be/vrtnws/en/2020/01/13/ransomware-shuts-down-production-at-flemish-multinational/ A cyber-attack partially incapacitated operations at West Flemish weaving machine producer Picanol. Plants in Ieper (Belgium), Romania and China are hit.

Kela's system failed: thousands of important documents went undelivered, a black hole swallowed them for almost 2 years

www.tivi.fi/uutiset/tv/0b2e888b-9ebd-4b93-9967-65fbd9bc8630 Kela explains the incident as a human error that occurred during an update.

Mitsubishi Electric discloses security breach, China is main suspect

www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/ In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.

The Secretive Company That Might End Privacy as We Know It

www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html A little-known start-up helps law enforcement match photos of unknown people to their online images and “might lead to a dystopian future or something,” a backer says.

Emotet Malware Dabbles in Extortion With New Spam Template

www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and invoices. In a new template shared with BleepingComputer by security researcher ExecuteMalware, the Emotet operators have started to use a similar extortion template that states “YOUR COMPUTER HACKED!” and that the recipient’s data was stolen. According to Emotet expert Joseph Roosen, this campaign first started around January 15th, 2020.

Deep Dive into the Lyceum Danbot Malware

cyberx-labs.com/blog/deep-dive-into-the-lyceum-danbot-malware/ LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organizations with ICS such as oil and gas companies in the Middle East. The group may have been active since as early as April 2018. In this blog post by Section 52, CyberX's IoT/ICS threat intelligence team, we go beyond past research by reverse-engineering: the malicious macro used to deliver the DanBot malware executable; the specific commands used in DNS tunneling and HTTP/S communication with its C&C server; the directory structure of the malware; the Visual Basic scripts contained in the malware; and other technical details.

NATO will send a counter-hybrid team to Montenegro to face Russia's threat

securityaffairs.co/wordpress/96627/cyber-warfare-2/montenegro-nato-hybrid-attacks.html The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks.

Ubisoft sues handful of gamers for DDoSing Rainbow Six: Siege

www.theregister.co.uk/2020/01/20/ubisoft_sues_gamers_rainbow_six_ddos_claim/ Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of its best-selling game, Tom Clancy’s Rainbow Six: Siege (R6S).
