Don’t worry about CurveBall just yet — get your Citrix systems patched

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.”

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781.

It’s so bad that @Random_Robbie said in a tweet early this morning that nearly all of the top malicious scans detected by GreyNoise.io this morning are trying to crack into Citrix (formerly NetScaler) Gateway systems.

According to @0XDUDE Victor Gevers, as of early Monday morning, “14,180 [servers] are still vulnerable. There are sensitive networks unpatched out there. With only a few volunteers we are trying to help (remotely) these organizations that are behind or stuck in the mitigation process.”

William Ballenthin and Josh Madeley at FireEye have discovered a novel piece of malware called NOTROBIN that takes over compromised Citrix systems then leaves a back door for future exploits:

Copyright © 2020 IDG Communications, Inc.
