IT Security Newsletter - 1/9/2020
Attackers Are Scanning for Vulnerable Citrix Servers, Secure Now
Security researchers have observed ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781 during the last week. This vulnerability impacts multiple Citrix products and it could potentially expose the networks of over 80,000 firms to hacking attacks according to a Positive Technologies report from December.
Kaspersky: North Korean hackers getting more careful, targeted in financial hacks
North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses. And although some of the fake companies and websites rarely pass the smell test — the links on these weaponized websites don’t always work — hackers known as Lazarus Group or APT38 have been getting increasingly careful in other areas, according to new Kaspersky Lab research.
Drake Lyrics Used as Calling Card in Malware Attack
A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment that ultimately downloads either the Lokibot info stealer or Azorult remote access trojan.
SNAKE Ransomware Is the Next Threat Targeting Business Networks
Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it. Enterprise targeting, or big-game hunting, ransomware are used by threat actors that infiltrate a business network, gather administrator credentials, and then use post-exploitation tools to encrypt the files on all of the computers on the network.
TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in Base64 format. It’s deployed as a module after the initial TrickBot infection has already taken hold on a victim computer.
TikTok Riddled With Security Flaws
Researchers say they have discovered several major vulnerabilities in the short form video app TikTok. The reported vulnerabilities come as scrutiny around the Chinese-owned platform increases. Researchers say the most serious vulnerability in the platform could allow attackers to remotely take control over parts of victims’ TikTok account, such as uploading or deleting videos and changing settings on videos to make “hidden” videos public. Researchers also discovered a separate vulnerability that allowed them to obtain personal data of victims, such as email addresses and more.
Firefox gets patch for critical 0-day that’s being actively exploited
Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers. In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw." The US Cybersecurity and Infrastructure Security Agency said one or more exploits were "detected in the wild" and warned that attacks could be exploited to "take control of an affected system."