Daily NCSC-FI news followup 2020-01-20

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

www.bleepingcomputer.com/news/security/citrix-patches-cve-2019-19781-flaw-in-citrix-adc-111-and-120/ Citrix has released permanent fixes (for ADC 11.1 and 12.0) for the actively exploited CVE-2019-19781 vulnerability, which affects Citrix Application Delivery Controller (ADC), Citrix Gateway and Citrix SD-WAN WANOP appliances and allows unauthenticated attackers to achieve arbitrary code execution. Besides releasing these permanent fixes, Citrix says it has brought forward the “availability of permanent fixes for other ADC versions and for SD-WAN WANOP”: ADC version 12.1 is now due January 24, ADC versions 13 and 10.5 are now due January 24, and the SD-WAN WANOP fixes are now due January 24.


Citrix ADC Exploits Update

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Update/25724/ In today’s diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots.
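As an added example for the two Citrix items above (this is not code from the page, from Citrix or from SANS ISC), the check a defender would most want after reading them: a scan of web-server access-log lines for CVE-2019-19781 exploitation attempts. The rule flags any request that reaches the /vpns/ tree through a /../ traversal, which is the same condition Citrix's published responder-policy mitigation blocks; paths are URL-decoded twice so percent-encoded and double-encoded variants are caught. The combined log format, the constructed sample lines and the function names are assumptions of this example.

```python
"""Scan access-log lines for CVE-2019-19781 (Citrix ADC / Gateway) exploitation attempts.

Added example, not code from the page, from Citrix or from SANS ISC.
Assumes Apache/NGINX-style combined log lines. The detection condition
("/vpns/" reached via "/../") mirrors the logic of Citrix's responder-policy
mitigation; the sample log lines below are constructed for this example.
"""
import re
from collections import Counter
from urllib.parse import unquote

# client ip, timestamp, method, path, HTTP version, status (remaining fields ignored)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise(path: str) -> str:
    """URL-decode twice (to defeat double encoding), drop the query string, lower-case."""
    decoded = unquote(unquote(path))
    return decoded.split("?", 1)[0].lower()


def is_citrix_traversal(path: str) -> bool:
    """True when the request reaches /vpns/ via a /../ traversal (the exploit pattern)."""
    p = normalise(path)
    return "/vpns/" in p and "/../" in p


def scan(lines):
    """Return (ip, method, raw_path, status) for every line matching the exploit pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line; skip rather than guess
        if is_citrix_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("method"), m.group("path"), m.group("status")))
    return hits


def summarise(hits):
    """Count flagged requests per source IP, most active first."""
    return Counter(ip for ip, *_ in hits).most_common()


# Constructed sample input (RFC 5737 documentation addresses), not real log data.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jan/2020:02:14:09 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120',
    '198.51.100.23 - - [11/Jan/2020:02:15:41 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83',
    '198.51.100.23 - - [11/Jan/2020:02:15:44 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 0',
    '198.51.100.23 - - [11/Jan/2020:02:15:46 +0000] "GET /vpn/%252e%252e/vpns/cfg/smb.conf HTTP/1.1" 200 83',
    '192.0.2.9 - - [11/Jan/2020:02:20:00 +0000] "GET /vpns/portal/scripts/rmbm.pl HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, method, path, status in found:
        print(f"{ip:16} {method:5} {status} {path}")
    print("per source:", summarise(found))
```

The last sample line (a direct /vpns/ request without traversal) is deliberately not flagged: the appliance-side mitigation also blocks /vpns/ access outside an authenticated VPN session, which a log filter cannot evaluate, so treat this output as a triage list and review the appliance itself for artifacts of successful exploitation rather than relying on logs alone.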

Ransomware shuts down production at Flemish multinational

www.vrt.be/vrtnws/en/2020/01/13/ransomware-shuts-down-production-at-flemish-multinational/ A cyber-attack partially incapacitated operations at the West Flemish weaving machine producer Picanol. Plants in Ieper (Belgium), Romania and China were hit.

Kela's system failed: thousands of important documents went undelivered, a black hole swallowed them for nearly 2 years

www.tivi.fi/uutiset/tv/0b2e888b-9ebd-4b93-9967-65fbd9bc8630 Kela explains the incident as a human error that occurred during an update.

Mitsubishi Electric discloses security breach, China is main suspect

www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/ In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturers, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.

The Secretive Company That Might End Privacy as We Know It

www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html A little-known start-up helps law enforcement match photos of unknown people to their online images and might lead to a dystopian future or something, a backer says.

Emotet Malware Dabbles in Extortion With New Spam Template

www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who claims to have hacked the recipient’s computer and stolen their data. Emotet is spread through spam emails that commonly use templates built around a particular theme, such as shipping information, voice mails, scanned documents, reports and invoices. In a new template shared with BleepingComputer by security researcher ExecuteMalware, the Emotet operators have started to use a similar extortion template that states “YOUR COMPUTER HACKED!” and that the recipient’s data was stolen. According to Emotet expert Joseph Roosen, this campaign first started around January 15th, 2020.

Deep Dive into the Lyceum Danbot Malware

cyberx-labs.com/blog/deep-dive-into-the-lyceum-danbot-malware/ LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organisations with ICS, such as oil and gas companies in the Middle East. The group may have been active since as early as April 2018. In this blog post by Section 52, CyberX’s IoT/ICS threat intelligence team, we go beyond past research by reverse-engineering the malicious macro used to deliver the DanBot malware executable, the specific commands used in DNS tunnelling and HTTP/S communication with its C&C server, the directory structure of the malware, the Visual Basic scripts contained in the malware, and other technical details.

NATO will send a counter-hybrid team to Montenegro to face Russia’s threat

securityaffairs.co/wordpress/96627/cyber-warfare-2/montenegro-nato-hybrid-attacks.html The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks.

Ubisoft sues handful of gamers for DDoSing Rainbow Six: Siege

www.theregister.co.uk/2020/01/20/ubisoft_sues_gamers_rainbow_six_ddos_claim/ Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of its best-selling game, Tom Clancy’s Rainbow Six: Siege (R6S).
