CYBERSECURITY NEWS V. 1.11. – Attacks on Austrian Foreign Ministry and Alaskan airline
Citrix ADC CVE-2019-19781 - exploits revealed
A recently found vulnerability in Citrix Application Delivery Controller ADC (former NetScaler ADC) and Citrix Gateway (former NetScaler Gateway) could allow an unauthenticated attacker to perform arbitrary code execution. On January 11, there were still no patches available from the vendor. Citrix only provided ways to mitigate the problem. The public proof-of-concept (PoC) exploits have already been released and allow attackers to easily create reverse shells and execute commands on vulnerable devices to gain full control over them. Patches are expected to be released by the end of January.
Attack on Austrian Foreign Ministry
The Austrian government fell victim to a cyberattack that has started on January 4. The officials told that it had been caught early and countermeasures had been put in place. The signatures and patterns of the attack show that it could be state-sponsored. Austrian parliamentarians stated their government is "unprepared" to withstand cyberattacks and added that there are no hundred percent defenses against them as other European governments were affected by similar attacks in the past.
ToTok is back
ToTok chat app is back in the Google Play Store despite the fact it is believed to be linked to the Emirati intelligence firm DarkMatter. The app itself could be spyware. Earlier in 2019, Google and Apple were notified about the possible threat and removed the app from their stores. Although, later Google returned the app without any comments; Apple's investigation is still on.
Pre-installed malware found on US government-funded phones
Smartphones developed by Assurance Wireless as part of the US Federal government's Lifeline program come with pre-installed malware, which cannot be removed. It was found on the company’s cheapest phone, UMX U686CL. The app in question poses as Wireless Update and is the only way to update the device; in fact, it can install other apps without the user’s consent. It is a variant of Adups spyware, which grants complete remote control over a device. Moreover, UMX U686CL is infected with a variant of the HiddenAds trojan.
Travelex, a currency exchange service, was hit by Sodinokibi ransomware. The attackers requested a ransom of $6 million. Travelex officials stated that there is no clear evidence that any data had been stolen. Sodinokibi threatened to sell sensitive data on the black market.
The city of Pensacola, Florida, suggests using free privacy protection software to people whose data may have been affected by the Maze ransomware attack the city suffered in December 2019. Officially, data theft wasn’t proven, but according to sources, Maze published more than two gigabytes of data.
Alaskan airline RavnAir attack
RavnAir Group stated that it had experienced a malicious cyberattack its IT network causing it to cancel all of its Dash 8 flights. Initially, it was believed that the attack targeted this type of plane, but the investigation showed that it only affected only the internal systems at the airline itself.
New Iranian wiper malware
A destructive cyber campaign hits Bapco, Bahrain's national oil company, driven by new malware Dustman. Dustman is a possible successor to earlier wiper malware like Shamoon. The cyberattack happened on December 29, 2019. It was described in a report published by Saudi Arabia's National Cybersecurity Authority.