Daily NCSC-FI news followup 2020-01-20

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

www.bleepingcomputer.com/news/security/citrix-patches-cve-2019-19781-flaw-in-citrix-adc-111-and-120/ Citrix released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances and allowing unauthenticated attackers to perform arbitrary code execution.. Besides releasing these permanent fixes for the CVE-2019-19781 flaw, Citrix also says that it has fast-forwarded the “availability of permanent fixes for other ADC versions and for SD-WAN WANOP,” with the new dates being moved to: ADC version 12.1, now January 24, ADC version 13 and ADC version 10.5, now January 24, SD-WAN WANOP fixes, now January 24.

www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/

Citrix ADC Exploits Update

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Update/25724/ In today’s diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots.

Ransomware shuts down production at Flemish multinational

www.vrt.be/vrtnws/en/2020/01/13/ransomware-shuts-down-production-at-flemish-multinational/ A cyber-attack partially incapacitated operations at West Flemish weaving machine producer Picanol. Plants in Ieper (Belgium), Romania and China are hit.

Kelan järjestelmä petti: tuhansia tärkeitä asiakirjoja jäi toimittamatta musta aukko söi niitä liki 2 vuotta

www.tivi.fi/uutiset/tv/0b2e888b-9ebd-4b93-9967-65fbd9bc8630 Kela selittää tapahtunutta päivityksessä tapahtuneelta inhimillisellä virheellä.

Mitsubishi Electric discloses security breach, China is main suspect

www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/ In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach.. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack.. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.

The Secretive Company That Might End Privacy as We Know It

www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html A little-known start-up helps law enforcement match photos of unknown people to their online images and might lead to a dystopian future or something, a backer says.

Emotet Malware Dabbles in Extortion With New Spam Template

www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data.. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and invoices.. In a new template shared with BleepingComputer by security researcher ExecuteMalware, the Emotet operators have started to use a similar extortion template that states “YOUR COMPUTER HACKED!” and that the recipient’s data was stolen. According to Emotet expert Joseph Roosen, this campaign first started around January 15th, 2020.

Deep Dive into the Lyceum Danbot Malware

cyberx-labs.com/blog/deep-dive-into-the-lyceum-danbot-malware/ LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organizations with ICS such as oil and gas companies in the Middle East. The group may have been active since as early as April 2018.. In this blog post by Section 52, CyberXs IoT/ICS threat intelligence team, we go beyond past research by reverse-engineering: The malicious macro used to deliver the DanBot malware executable, Specific commands used in DNS tunneling and HTTP/S communication with its C&C server, Directory structure of the malware, Visual Basic scripts contained in the malware, Other technical details

NATO will send a counter-hybrid team to Montenegro to face Russias threat

securityaffairs.co/wordpress/96627/cyber-warfare-2/montenegro-nato-hybrid-attacks.html The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks.

Ubisoft sues handful of gamers for DDoSing Rainbow Six: Siege

www.theregister.co.uk/2020/01/20/ubisoft_sues_gamers_rainbow_six_ddos_claim/ Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of its best-selling game, Tom Clancy’s Rainbow Six: Siege (R6S).

You might be interested in …

Daily NCSC-FI news followup 2019-12-20

267 miljoonan Facebook-käyttäjän tiedot päätyivät nettiin – älä silti hätäile www.is.fi/digitoday/tietoturva/art-2000006350462.html Vuoto ei kuitenkaan ole hälyttävin mahdollinen, vaikka koskeekin suurta määrää käyttäjiä. Tietueessa ei esimerkiksi ole salasanoja tai maksukortin tietoja. Lisäksi tiedot ovat enimmäkseen amerikkalaisilta käyttäjiltä.. Src: www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/ Supo: 5g-verkkotoimijat arvioitava ja poliittinen keskustelu käytävä www.is.fi/digitoday/tietoturva/art-2000006348909.html Cisco ASA DoS Bug Attacked in Wild blogs.cisco.com/security/talos/cisco-asa-dos-bug-attacked-in-wild Cisco […]

Read More

Daily NCSC-FI news followup 2020-01-09

Satasairaalassa jälleen tietoverkkokatkos, vika luultua pahempi myös perusturvassa ongelmia yle.fi/uutiset/3-11149405 Katkos alkoi torstaina aamupäivällä ja kesti noin 20 minuuttia. Satasairaalan tietohallintojohtaja Leena Ollonqvistin mukaan sairaalan it-osasto teki testiä, jolla estää viimeviikkoinen katkos. Testi aiheutti samankaltaisen luupin kuin viime viikolla. A lazy fix 20 years ago means the Y2K bug is taking down computers now www.newscientist.com/article/2229238-a-lazy-fix-20-years-ago-means-the-y2k-bug-is-taking-down-computers-now/ […]

Read More

Daily NCSC-FI news followup 2019-11-05

Ransomware freezes govt IT in Canadian territory of Nunavut, drops citizens right Inuit www.theregister.co.uk/2019/11/04/ransomware_freezes_nunavut_canada/ A malware infection has crippled the IT operations in the remote Canadian territory of Nunavut. An alert from the provincial government on Monday says that “all government services requiring access to electronic information” are being impacted by what they describe as […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.