Citrix vulnerability jeopardises over 80,000 companies globally
A critical flaw in two Citrix products threatens the networks of around 80,000 companies in 158 countries. The U.S. accounts for 38 percent of the vulnerable networks, followed by the UK, Germany, the Netherlands, and Australia. Positive Technologies discovered the vulnerability in Citrix Application Delivery Controller (formerly NetScaler ADC) and Citrix Gateway (formerly NetScaler Gateway).
If exploited, the flaw could give an attacker access to a company's internal network and to internal credentials. It is easy to exploit and affects all supported versions of both products on all supported platforms. Tracked as CVE-2019-19781, it is described as critical but has not yet been assigned a CVSS severity rating. Citrix has so far only partially addressed the issue, publishing a set of mitigation measures for standalone systems and clusters in a knowledge-base article rather than a patch. Meanwhile, Symantec also recommended that companies block external access to the affected appliances at the network edge and use intrusion detection systems to monitor the links that remain reachable.
Thallium Hacking Group’s Malicious Websites Tracked and Taken Down by Microsoft
In a major crackdown, Microsoft announced that it has taken down 50 web domains operated by the North Korea-based Thallium hacking group, which used them to launch cyberattacks. The APT group has been active since at least 2010, and Microsoft revealed that it sends spear-phishing emails through legitimate services including Gmail, Yahoo, and Hotmail. The company disclosed that its Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) teams had been monitoring Thallium for months, tracking its activities and mapping its infrastructure. Shortly after Christmas, Microsoft took control of the 50 domains under a U.S. court order. The seized domains were used to send phishing emails and host phishing pages: the group would lure victims to these sites, steal their credentials, and then use them to gain access to internal networks.
Cybercriminals Adopt Steganography-based Credit Card Skimmer to steal payment card details
Look out for the Wallet Chrome extension that steals crypto wallet private keys and passwords
Newly Discovered Lampion Trojan found targeting Portuguese users
Security researchers have uncovered a new trojan named Lampion, distributed via phishing emails and targeting Portuguese users. As reported by Segurança Informática (SI-LAB), the phishing email appears to come from the Portuguese Government Finance & Tax authority and reports issues related to debt for the year 2018. It asks recipients to click a link in the email, supposedly to avoid being misled by criminals. When an unsuspecting victim clicks the link, the malware is downloaded from an online server as a compressed Zip file. When the user unpacks it, they find three files: a PDF, a VBS script, and a text file. Lampion captures data about both the user and the infected system, including system information, installed software, web browser history, clipboard contents, and details of the file system.
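The delivery chain described above (phishing link, Zip download, a script file hidden among harmless-looking documents) is a good candidate for an automated check at the mail gateway or endpoint. The following Python is an added example written for this page, not code from SI-LAB or from the Lampion analysis: it builds a constructed archive mimicking the three-file layout (the member names are invented) and flags members that are executable scripts, that masquerade behind a document-like double extension, or that use path traversal in their names.

```python
import io
import os
import zipfile
from typing import List

# Extensions Windows will execute directly from Explorer or a double-click.
# VBS is the one named in the Lampion report; the rest are common equivalents.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                     ".ps1", ".bat", ".cmd", ".exe", ".scr", ".lnk", ".msi"}

# Extensions a user expects to be harmless documents; "x.pdf.vbs" abuses these.
DOCUMENT_EXTENSIONS = {".pdf", ".txt", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def build_sample_archive() -> bytes:
    """Constructed sample: a Zip with a PDF, a VBS and a text file, as in the
    Lampion report. File names and contents are invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Dividas_2018.pdf", b"%PDF-1.4\n% placeholder document\n")
        zf.writestr("Dividas_2018.pdf.vbs",
                    b'Set sh = CreateObject("WScript.Shell")\n')
        zf.writestr("leia-me.txt", b"Consulte o documento em anexo.\n")
        # Traversal in a member name: a careless extractor writes outside the target dir.
        zf.writestr("../Startup/update.txt", b"not a script, but a bad path\n")
    return buf.getvalue()


def risky_members(zip_bytes: bytes) -> List[str]:
    """Return 'name: reason' findings for archive members that warrant blocking.
    The archive is only listed, never extracted, so the check is safe to run
    on untrusted input (a zip bomb still costs nothing here)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/"):
                continue  # directory entry
            base = name.rsplit("/", 1)[-1]
            stem, ext = os.path.splitext(base)
            ext = ext.lower()

            # Path traversal or absolute path in the member name.
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts:
                findings.append(f"{name}: path traversal in member name")

            if ext in SCRIPT_EXTENSIONS:
                # Double extension such as "Dividas_2018.pdf.vbs" is the
                # classic disguise; report it separately from a plain script.
                inner_ext = os.path.splitext(stem)[1].lower()
                if inner_ext in DOCUMENT_EXTENSIONS:
                    findings.append(f"{name}: script disguised with document extension")
                else:
                    findings.append(f"{name}: executable script in archive")
    return findings


def should_block(zip_bytes: bytes) -> bool:
    """Gateway policy for this example: any finding blocks the attachment."""
    return bool(risky_members(zip_bytes))


if __name__ == "__main__":
    sample = build_sample_archive()
    for line in risky_members(sample):
        print(line)
    print("block:", should_block(sample))
```

Listing rather than extracting is deliberate: the names alone carry every indicator this check needs, and a benign archive containing only the PDF and the text file produces no findings.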
A Twitter app flaw used to match 17 million phone numbers to user accounts
Security researcher Ibrahim Balic found a flaw in Twitter's Android app and, over several months of experiments, used it to match 17 million phone numbers to unique Twitter user accounts. He found that he could upload a large list of mobile phone numbers through the contacts upload feature of the Android app, and that Twitter would then return the matching user data for each number. Balic explained that the contact upload feature rejects lists of phone numbers in sequential order, apparently to prevent exactly this kind of matching. To get around that, he generated more than two billion consecutive phone numbers, randomised their order, and uploaded the shuffled lists through the Android app, which returned the matching accounts. Balic provided TechCrunch with a sample of the numbers he matched, and the outlet verified his findings by comparing a random selection of usernames against the phone numbers provided. Balic had not yet reported the flaw to Twitter; instead, he added many of the phone numbers of high-profile Twitter users, including politicians and officials, to a WhatsApp group in order to warn them directly.
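The weak control here is an ordering check: rejecting sequential lists stops a naive enumeration but not the same list after a shuffle, because the check looks at the shape of one upload rather than at how many numbers an account is allowed to match. The Python below is an added example written for this page, not Twitter's code or Balic's tooling, and the details of Twitter's actual rule are not public, so the consecutive-run check is an assumption. It reproduces the bypass against a constructed directory of fake numbers and then shows a cap on matches per account, which is order-independent and so survives the shuffle.

```python
import random
from typing import Dict, List

# Constructed directory: phone number -> username. These are invented
# numbers in an invalid prefix, not real subscribers.
DIRECTORY: Dict[int, str] = {
    15555550123: "alice",
    15555550987: "bob",
    15555551500: "carol",
}


def looks_sequential(numbers: List[int], min_run: int = 50) -> bool:
    """Assumed server-side filter: reject an upload that contains a long run
    of consecutive numbers. It inspects ordering only, which is its weakness."""
    run = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur == prev + 1 else 1
        if run >= min_run:
            return True
    return False


def match_contacts(numbers: List[int]) -> Dict[int, str]:
    """What the contact-upload endpoint hands back: the accounts tied to any
    uploaded number that is in the directory."""
    return {n: DIRECTORY[n] for n in numbers if n in DIRECTORY}


def enumeration_batch(start: int, count: int, seed: int = 0) -> List[int]:
    """The bypass described in the article: generate a contiguous block of
    numbers, then randomise the order so no consecutive run remains."""
    batch = list(range(start, start + count))
    random.Random(seed).shuffle(batch)
    return batch


def weak_upload(numbers: List[int]) -> Dict[int, str]:
    """Endpoint protected only by the ordering check."""
    if looks_sequential(numbers):
        return {}
    return match_contacts(numbers)


class MatchQuota:
    """Order-independent control (assumed mitigation, not Twitter's stated fix):
    cap the total number of contacts an account may submit for matching.
    A real deployment would also rate-limit per time window and honour each
    user's discoverability setting; both are omitted here for brevity."""

    def __init__(self, max_contacts: int) -> None:
        self.max_contacts = max_contacts
        self.used: Dict[str, int] = {}

    def upload(self, account: str, numbers: List[int]) -> Dict[int, str]:
        spent = self.used.get(account, 0)
        if spent + len(numbers) > self.max_contacts:
            return {}  # refused regardless of how the list is ordered
        self.used[account] = spent + len(numbers)
        return match_contacts(numbers)


if __name__ == "__main__":
    ordered = list(range(15555550000, 15555552000))
    shuffled = enumeration_batch(15555550000, 2000)
    print("ordered rejected:", weak_upload(ordered) == {})
    print("shuffled matches:", weak_upload(shuffled))
    q = MatchQuota(max_contacts=500)
    print("quota refuses 2000:", q.upload("attacker", shuffled) == {})
```

The quota is a blunt instrument and is meant to illustrate the principle rather than to be tuned: any control that bounds the attacker's total query volume per identity, rather than the pattern of a single request, closes the gap that randomisation opened.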
Edited and compiled by cyber security specialist James Aguilan.