Daily NCSC-FI news followup 2020-01-20

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

www.bleepingcomputer.com/news/security/citrix-patches-cve-2019-19781-flaw-in-citrix-adc-111-and-120/ Citrix released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances and allowing unauthenticated attackers to perform arbitrary code execution.. Besides releasing these permanent fixes for the CVE-2019-19781 flaw, Citrix also says that it has fast-forwarded the “availability of permanent fixes for other ADC versions and for SD-WAN WANOP,” with the new dates being moved to: ADC version 12.1, now January 24, ADC version 13 and ADC version 10.5, now January 24, SD-WAN WANOP fixes, now January 24.


Citrix ADC Exploits Update

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Update/25724/ In today’s diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots.

Ransomware shuts down production at Flemish multinational

www.vrt.be/vrtnws/en/2020/01/13/ransomware-shuts-down-production-at-flemish-multinational/ A cyber-attack partially incapacitated operations at West Flemish weaving machine producer Picanol. Plants in Ieper (Belgium), Romania and China are hit.

Kelan järjestelmä petti: tuhansia tärkeitä asiakirjoja jäi toimittamatta musta aukko söi niitä liki 2 vuotta

www.tivi.fi/uutiset/tv/0b2e888b-9ebd-4b93-9967-65fbd9bc8630 Kela selittää tapahtunutta päivityksessä tapahtuneelta inhimillisellä virheellä.

Mitsubishi Electric discloses security breach, China is main suspect

www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/ In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach.. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack.. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.

The Secretive Company That Might End Privacy as We Know It

www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html A little-known start-up helps law enforcement match photos of unknown people to their online images and might lead to a dystopian future or something, a backer says.

Emotet Malware Dabbles in Extortion With New Spam Template

www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data.. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and invoices.. In a new template shared with BleepingComputer by security researcher ExecuteMalware, the Emotet operators have started to use a similar extortion template that states “YOUR COMPUTER HACKED!” and that the recipient’s data was stolen. According to Emotet expert Joseph Roosen, this campaign first started around January 15th, 2020.

Deep Dive into the Lyceum Danbot Malware

cyberx-labs.com/blog/deep-dive-into-the-lyceum-danbot-malware/ LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organizations with ICS such as oil and gas companies in the Middle East. The group may have been active since as early as April 2018.. In this blog post by Section 52, CyberXs IoT/ICS threat intelligence team, we go beyond past research by reverse-engineering: The malicious macro used to deliver the DanBot malware executable, Specific commands used in DNS tunneling and HTTP/S communication with its C&C server, Directory structure of the malware, Visual Basic scripts contained in the malware, Other technical details

NATO will send a counter-hybrid team to Montenegro to face Russias threat

securityaffairs.co/wordpress/96627/cyber-warfare-2/montenegro-nato-hybrid-attacks.html The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks.

Ubisoft sues handful of gamers for DDoSing Rainbow Six: Siege

www.theregister.co.uk/2020/01/20/ubisoft_sues_gamers_rainbow_six_ddos_claim/ Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of its best-selling game, Tom Clancy’s Rainbow Six: Siege (R6S).

You might be interested in …

Daily NCSC-FI news followup 2019-06-16

Kaikkien kuntien tietoturvassa olisi parantamisen varaa Lahteen kohdistuneessa kyberhyökkäyksessä tuhat tietokonetta saastui www.ess.fi/uutiset/kotimaa/art2548337 Lahden kyberhyökkäyksen kaltaista tapahtumaa oli osattu odottaa, toteaa Liikenne- ja viestintäviraston Traficomin johtava asiantuntija Kauto Huopio. Rikolliset etsivät jatkuvasti verkon haavoittuvuuksia ja iskevät heikkoon kohtaan heti sellaisen havaittuaan. Kyse voi olla tunneista. Telegram CEO Fingers China State Actors for DDoS Attack threatpost.com/telegram-ceo-china-ddos-attack/145654/ […]

Read More

Daily NCSC-FI news followup 2019-06-07

A Deep Dive into the Emotet Malware www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file. Later versions evolved to use macro-enabled Office documents to retrieve a malicious payload from a C2 server. […]

Read More

Daily NCSC-FI news followup 2019-10-27

TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines www.bleepingcomputer.com/news/security/trialworks-ransomware-attack-disrupts-court-cases-and-deadlines/ TrialWorks, one of the top-rated providers of legal case management software for law firms and attorneys, became the victim of a ransomware attack earlier this month. The ripples of disruption from this incident made it impossible for lawyers to access the legal documents hosted on TrialWorks […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.