
Reports have emerged of multiple attempts to exploit a Citrix vulnerability, delivering ransomware to enterprise victims including a German car manufacturer.

Citrix began patching the CVE-2019-19781 bug in its Application Delivery Controller (ADC) and Citrix Gateway products last week. If successfully exploited, it could allow an unauthenticated attacker to perform arbitrary code execution.

At the time, FireEye warned that attackers were exploiting the flaw to deploy a backdoor, named “NotRobin,” in order to maintain access to exposed systems.

In an update, the security vendor claimed on Friday that it had detected efforts to deploy coin miners and ransomware via exploits for the vulnerability.

It traced attacks on dozens of FireEye customers back to ransomware named “Ragnarok,” which appears to have been created in mid-January. The ransom note demands 1 Bitcoin ($8600) to decrypt one infected machine or five ($43,002) for all.

“FireEye continues to observe multiple actors who are currently seeking to take advantage of CVE-2019-19781. This post outlines one threat actor who is using multiple exploits to take advantage of vulnerable internal systems and move laterally inside the organization,” it concluded.

“Based on our initial observations, the ultimate intent may have been the deployment of ransomware, using the Gateway as a central pivot point.”

As FireEye mentioned, there appear to be multiple groups looking to exploit the Citrix flaw in ransomware attacks.

Researchers took to Twitter to reveal efforts by attackers using the Sodinokibi variant, also known as REvil. Victims include German car parts manufacturer Gedia Automotive Group.

“I examined the files #REvil posted from Gedia after they refused to pay the #ransomware. The interesting thing I discovered is that they obviously hacked Gedia via the #Citrix exploit,” explained @underthebreach. “My bet is that all recent targets were accessed via this exploit.”

The news comes after white hats pointed to a critical unpatched flaw in Pulse Secure VPN products as being behind the Travelex ransomware outage.


