The Dutch Security Hotline of @DIVDnl made a first analysis of the scan data collected on the night of January 9 to 10. It shows that of the more than 700 vulnerable Citrix servers identified in the Netherlands, over 450 used wildcard certificates. [1/2]
https://www.securitymeldpunt.nl/cases/202002-Wildcard-Certificaten-Citrix-ADC/ …
-
There is a high probability that Citrix ADC servers with no mitigation applied on or after January 9, 2020, have been taken over and their TLS certificates and associated keys have been stolen. [2/2] Please patch AND revoke your certificates.
-
Victor Gevers retweeted Christopher Glyer
Indicator of Compromise Scanner for CVE-2019-19781. A utility for detecting compromises of Citrix ADC Appliances. https://twitter.com/cglyer/status/1219984237878763521 …
Victor Gevers added,
Christopher Glyer @cglyer: BREAKING - To help organizations identify compromised systems with CVE-2019-19781, @FireEye & @Citrix have released a tool that searches for indicators of compromise associated with attacker activity observed by @Mandiant https://fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html … https://github.com/fireeye/ioc-scanner-CVE-2019-19781/ …
-
Victor Gevers retweeted Robert
Citrix ADC (NetScaler) Honeypot. Supports detection for CVE-2019-19781 and login attempts. Detects and logs payloads for CVE-2019-19781 (Shitrix / Citrixmash). Logs failed login attempts. Serves content and headers taken from a real appliance. https://twitter.com/x1sec/status/1220239529111515136 …
Victor Gevers added,
Robert @x1sec: New tool: #citrix ADC / Netscaler honeypot for cve-2019-19781 #shitrix. Serves content taken from a real system for indexing by search engines, e.g. #shodan or google. Will also detect web admin panel login attempts. https://github.com/x1sec/citrix-honeypot … pic.twitter.com/4rs9gkkoCD
-
11,704 Citrix servers with CVE-2019-19781 on the net, 11,704 Citrix servers with CVE-2019-19781.
Patch 332 down, Mitigate it around, 11,372 Citrix servers with CVE-2019-19781 on the net...
https://docs.google.com/spreadsheets/d/1Uplx-kmEUsYz9n9m0wBuZYqv6lM1TBCFa08vAwX2bJw/edit?usp=sharing … pic.twitter.com/12L8PHOekV
-
CVE-2012-4606 Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest OS to gain elevated privileges. https://twitter.com/cvenew/status/1220477594543456257?s=21 … pic.twitter.com/ZO2wJ3Yr0I
-
Victor Gevers retweeted Catalin Cimpanu
https://twitter.com/campuscodi/status/1220711683057995777?s=21 …
Victor Gevers added,
Catalin Cimpanu @campuscodi: NEW: Hackers target unpatched Citrix servers to deploy ransomware
* REvil gang attacks confirmed
* Maze also suspected
* Other groups are selling access to hacked Citrix systems on hacking forums
https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/ … pic.twitter.com/3EyWKlIRd2
-
Victor Gevers retweeted Under the Breach
https://twitter.com/underthebreach/status/1220687658701246464?s=21 …
Victor Gevers added,
Under the Breach @underthebreach: I examined the files #REvil posted from http://Gedia.com after they refused to pay the #ransomware. The interesting thing I discovered is that they obviously hacked Gedia via the #Citrix exploit. My bet is that all recent targets were accessed via this exploit. (1/2) pic.twitter.com/tWeUR7I1zj
-
Victor Gevers retweeted BleepingComputer
"Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked" by @Ionut_Ilascu https://twitter.com/BleepinComputer/status/1221455792659947520?s=20 …
-
Detecting Citrix CVE-2019-19781 via @USCERT_gov
https://www.us-cert.gov/ncas/alerts/aa20-031a …
-
-
"We checked the Netscaler logs and found no evidence of successful exploitation of the vulnerability. Why are you suggesting to redeploy it with new credentials and new certificates?" This is the /etc/password file of your server. Did you not see this in your log files? RCE =
pic.twitter.com/yDJfhXfyLL