There is a high probability that Citrix ADC servers with no mitigation applied on or after January 9, 2020, have been taken over and their TLS certificates and associated keys have been stolen. [2/2] Please patch AND revoke your certificates.
-
Victor Gevers retweeted Christopher Glyer
Indicator of Compromise Scanner for CVE-2019-19781. A utility for detecting compromises of Citrix ADC Appliances. https://twitter.com/cglyer/status/1219984237878763521 …
Victor Gevers added,
Christopher Glyer @cglyer BREAKING - To help organizations identify compromised systems with CVE-2019-19781, @FireEye & @Citrix have released a tool that searches for indicators of compromise associated with attacker activity observed by @Mandiant https://fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html … https://github.com/fireeye/ioc-scanner-CVE-2019-19781/ …
-
Victor Gevers retweeted Robert
Citrix ADC (NetScaler) Honeypot. Supports detection for CVE-2019-19781 and login attempts. Detects and logs payloads for CVE-2019-19781 (Shitrix / Citrixmash) Logs failed login attempts Serves content and headers taken from a real appliance. https://twitter.com/x1sec/status/1220239529111515136 …
Victor Gevers added,
Robert @x1sec New tool: #citrix ADC / Netscaler honeypot for cve-2019-19781 #shitrix. Serves content taken from a real system for indexing by search engines, e.g. #shodan or google. Will also detect web admin panel login attempts. https://github.com/x1sec/citrix-honeypot … pic.twitter.com/4rs9gkkoCD
-
11,704 Citrix servers with CVE-2019-19781 on the net, 11,704 Citrix servers with CVE-2019-19781.
Patch 332 down, Mitigate it around, 11,372 Citrix servers with CVE-2019-19781 on the net...
https://docs.google.com/spreadsheets/d/1Uplx-kmEUsYz9n9m0wBuZYqv6lM1TBCFa08vAwX2bJw/edit?usp=sharing … pic.twitter.com/12L8PHOekV
-
CVE-2012-4606 Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest OS to gain elevated privileges. https://twitter.com/cvenew/status/1220477594543456257?s=21 … pic.twitter.com/ZO2wJ3Yr0I
-
Victor Gevers retweeted Catalin Cimpanu
https://twitter.com/campuscodi/status/1220711683057995777 …
Victor Gevers added,
Catalin Cimpanu @campuscodi NEW: Hackers target unpatched Citrix servers to deploy ransomware * REvil gang attacks confirmed * Maze also suspected * Other groups are selling access to hacked Citrix systems on hacking forums https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/ … pic.twitter.com/3EyWKlIRd2
-
Victor Gevers retweeted Under the Breach
https://twitter.com/underthebreach/status/1220687658701246464 …
Victor Gevers added,
Under the Breach @underthebreach I examined the files #REvil posted from http://Gedia.com after they refused to pay the #ransomware. The interesting thing I discovered is that they obviously hacked Gedia via the #Citrix exploit. My bet is that all recent targets were accessed via this exploit. (1/2) pic.twitter.com/tWeUR7I1zj
-
Victor Gevers retweeted BleepingComputer
"Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked" by @Ionut_Ilascu https://twitter.com/BleepinComputer/status/1221455792659947520?s=20 …
Victor Gevers added,
-
Detecting Citrix CVE-2019-19781 via @USCERT_gov https://www.us-cert.gov/ncas/alerts/aa20-031a …
-
"We checked the Netscaler logs and found no evidence of successful exploitation of the vulnerability. Why are you suggesting to redeploy it with new credentials and new certificates?"
This is the /etc/password file of your server. Did you not see this in your log files? RCE =
pic.twitter.com/yDJfhXfyLL