Cybersecurity Weekly: Travelex still offline, Unpatched Citrix flaw now has PoC exploits, Webex bug patched

Jan 15, 2020

Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.

Breaches

  • The Travelex currency exchange is still offline after a December 31 ransomware attack. The company says that its systems became infected with Sodinokibi, also known as REvil. The malware appears to have gained entry to the system through a known vulnerability in Pulse Secure VPN software; a patch for the flaw was made available in April 2019.
  • Alomere Health is notifying nearly 50,000 patients in Minnesota that their personal health information may have been compromised. Two Alomere Health employee email accounts were compromised in late October and early November 2019.
  • Las Vegas officials said Tuesday that a cyber-attack breached the city’s computer systems, but it wasn’t immediately clear if any sensitive data was compromised. City officials were alerted to the breach around 4:30 a.m. The city’s information technology department reacted quickly and was taking “extensive steps” to protect the system.

Vulnerabilities

  • Proof-of-concept (PoC) exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability (CVE-2019-19781) already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web.
  • A proof-of-concept attack has been demonstrated that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) hash function, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering.
  • US-CERT Vulnerability Summary for the week of January 6, 2020.

Patches & Updates

  • Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its popular Webex video conferencing platform that could enable a remote attacker to execute commands. The high-severity Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing, to enhance audio, video and content.
  • TikTok has patched several flaws that left the social video app vulnerable to account takeovers, private data exposure, and other forms of account manipulation. Researchers found the vulnerabilities and notified TikTok in late November 2019. The company fixed the flaws in late December.
  • Just one day after releasing Firefox 72, Mozilla released version 72.0.1 to address a critical vulnerability that was being actively exploited. The type-confusion flaw could be exploited to execute code or cause crashes on vulnerable systems. Firefox 72 included new privacy features and fixes for five high-severity security issues.
