Search results for: CVE-2019-19781


Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We've detected mass scanning activity targeting vulnerable VMware vCenter servers ( Query our API for "tags=CVE-2021-21972" for relevant indicators and source IP addresses. #threatintel — Bad Packets (@bad_packets) February 24, 2021 “In our opinion, the RCE vulnerability in the vCenter Server can pose no less a … More


25 vulnerabilities exploited by Chinese state-sponsored hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and … More


Biomedical orgs working on COVID-19 vaccines open to cyber attacks

In a recently released report by the UK National Cyber Security Centre (NCSC), whose findings have been backed by Canada’s Communications Security Establishment (CSE) and the US NSA and CISA (Cybersecurity and Infrastructure Security Agency), the agency has warned about active cyber attacks targeting biomedical organizations that are involved in the development of a COVID-19 vaccine. On Friday, BitSight researchers shared the results of a study that looked for detectable security issues at a number … More


Attackers are probing Citrix controllers and gateways through recently patched flaws

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk. At the time, there was no public attack code and no indication that any of the fixed flaws were getting actively exploited. On Thursday, though, SANS ISC’s Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on … More

Palo Alto Networks

Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!

Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible. The US Cyber Command has echoed the call for immediate action, saying that nation-state-backed attackers are likely to try to exploit it soon. Please patch all devices affected by CVE-2020-2021 immediately, especially if … More


Have you patched these top 10 routinely exploited vulnerabilities?

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals. “Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available,” the agency noted. … More


How to thwart human-operated ransomware campaigns?

Most ransomware campaigns hitting healthcare organizations and critical services right now are just the final act of a months-long compromise. “Using an attack pattern typical of human-operated ransomware campaigns, attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks by deploying ransomware when they would see the most financial gain,” says the Microsoft Threat Protection Intelligence Team. Organizations who have yet to witness the final … More


Web shell malware continues to evade many security tools

Cyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. What are web shells? Web shells are malicious scripts that are uploaded to target systems (usually web servers) to enable attackers to control it remotely. In affect, they create a backdoor into the target system. The threat is not limited to internet-facing web servers, though, and can be deployed … More


High-risk vulnerabilities and public cloud-based attacks on the rise

A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index. Following the release of Oracle’s Critical Patch Update – which included 19 MySQL vulnerabilities—there was an unusual increase in the vulnerabilities risk component within the Index. Specifically, there was a 57% increase in vulnerabilities that can be accessed remotely with no authentication required, have a public exploit available, … More

abstract broken connections

Week in review: Kubernetes security challenges, NIST Privacy Framework, Mitsubishi Electric breach

Here’s an overview of some of last week’s most interesting news and articles: Mitsubishi Electric discloses data breach, possible data leak Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that “personal information and corporate confidential information may have been leaked.” It’s time to patch your Cisco security solutions again Cisco has released another batch of security updates and patches for a variety of its offerings, … More

Citrix Systems and FireEye introduce new tool for detection of compromise

Citrix Systems and FireEye announced the launch of a new tool for detection of compromise in connection with the previously announced CVE-2019-19781 vulnerability, which affects certain versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, and two older versions of Citrix SD-WAN WANOP. This tool is freely accessible in both the Citrix and FireEye GitHub repositories. The free tool is designed to allow customers to run it locally against their Citrix instances and receive a … More


IoC Scanner shows if Citrix appliances have been compromised via CVE-2019-19781

Citrix and FireEye have teamed up to provide sysadmins with an IoC scanner that shows whether a Citrix ADC, Gateway or SD-WAN WANOP appliance has been compromised via CVE-2019-19781. Finding evidence of compromise By now it should be widely known that CVE-2019-19781 – aka “Shitrix” – is a real and present danger: exploits for it abound and attackers are using them, while we wait for fixes for all affected devices to be released. Though the … More