Victor Gevers, Jan 15
Since December, has reported over 98 thousand vulnerable Citrix Netscalers to their organizations or their ISP and monitoring over 120 thousand servers. The Dutch Security Hotline of is reporting vulnerable instances in the Netherlands.
Victor Gevers, Jan 15
Replying to @GDI_FDN @DIVDnl
There are roughly 37 thousand Citrix devices online, which are still vulnerable (CVE-2019-19781). In the last 48 hours, we noticed a quick decline of vulnerable devices from 89 thousand to 37 thousand. Just a few more days and this mess could be cleaned up? :-)
Victor Gevers, Jan 17
Replying to @GDI_FDN @DIVDnl
The amount of vulnerable Citrix endpoints is going down. Our latest scan (made from 13.95.153.127 and 137.117.226.20) detected 17,613 which are still vulnerable. Newly added (honeypot) hosts added after December are ignored.
Victor Gevers, Jan 17
Replying to @GDI_FDN @DIVDnl
In about 5 minutes, a new scan to search for vulnerable Citrix endpoints will run again. So if you see 104.45.30.171 touching your Citrix server, then please don't panic. We are the good guys. Have a great weekend! :-)
Victor Gevers, Jan 17
Replying to @GDI_FDN @DIVDnl
The amount of vulnerable Citrix endpoints went down again today. There are 16,466 vulnerable endpoints left. 1,147 endpoints are not vulnerable anymore since yesterday.
Victor Gevers, Jan 18
Replying to @GDI_FDN @DIVDnl
Today's scan shows that 15,626 Citrix endpoints are still vulnerable.
Victor Gevers, Jan 19
Replying to @GDI_FDN @DIVDnl
The weekend is over. Today's scan shows there are 15,602 vulnerable Citrix servers online. The amount of honeypots is steadily increasing while the amount of vulnerable servers is going down.
Victor Gevers, Jan 20
Replying to @GDI_FDN @DIVDnl
We are still monitoring the progress of the Citrix and the mitigation of it. 12 hours ago Citrix published updates and new fixes. Since 10:00 CET there are 14,564 vulnerable endpoints online.
Victor Gevers, Jan 20
Replying to @GDI_FDN @DIVDnl
17 hours ago, Citrix published updates & new fixes for . 14,180 are still vulnerable. There are sensitive networks unpatched out there. With only a few volunteers we are trying to help (remotely) these organizations that are behind or stuck in the mitigation process.
Victor Gevers, Jan 22
Replying to @GDI_FDN @DIVDnl
The Dutch Security Hotline of made a first analysis of the scan data collected on the night of January 9 to 10 shows that of the more than 700 vulnerable Citrix servers identified in the Netherlands, over 450 used wildcard certificates. [1/2]
Victor Gevers
There is a high probability that Citrix ADC servers with no mitigation applied on or after January 9, 2020, have been taken over and their TLS certificates and associated keys have been stolen. [2/2] Please patch AND revoke your certificates.
Victor Gevers, Jan 22
Replying to @0xDUDE
Indicator of Compromise Scanner for CVE-2019-19781. A utility for detecting compromises of Citrix ADC Appliances.
Victor Gevers, Jan 23
Replying to @0xDUDE
Citrix ADC (NetScaler) Honeypot. Supports detection for CVE-2019-19781 and login attempts. Detects and logs payloads for CVE-2019-19781 (Shitrix / Citrixmash). Logs failed login attempts. Serves content and headers taken from a real appliance.
Victor Gevers, Jan 23
Replying to @0xDUDE
🎵 11,704 Citrix servers with CVE-2019-19781 on the net, 11,704 Citrix servers with CVE-2019-19781. Patch 332 down, Mitigate it around, 11,372 Citrix servers with CVE-2019-19781 on the net... 🎵
Victor Gevers, Jan 24
Replying to @0xDUDE
CVE-2012-4606 Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest OS to gain elevated privileges.
Victor Gevers, Jan 26
Replying to @Ionut_Ilascu
"Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked" by
Victor Gevers, Feb 1
Replying to @Ionut_Ilascu @USCERT_gov
Detecting Citrix CVE-2019-19781 via
Victor Gevers, Feb 1
Replying to @Ionut_Ilascu @USCERT_gov
"We checked the Netscaler logs and found no evidence of successful exploitation of the vulnerability. Why are you suggesting to redeploy it with new credentials and new certificates?" This is the/etc/password file of your server. Did you not see this in your log files? RCE =☠️