Hello, welcome to the Wednesday, January 8, 2020 edition of the Sandton, Storm Center's

Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

I brought up a quick diary today with some of the scans that I have observed for the Citrix

ADC and Citrix Gateway vulnerabilities.

Not a lot of scans so far, no actual exploit attempts, but there are definitely people

that are poking around and are looking for vulnerable systems.

So shouldn't be too long, and I pretty sure that the some of the bad guys

probably have exploits available there are a number of different security

companies and so that have exploits developed by now so the bad guys are

probably not far behind so patch patch, patch, patch.

And just to illustrate how dangerous these type of vulnerabilities are over New Year's, the

currency exchange Trevelex went down, they took their website down for a couple days.

Turned out the root cause here apparently was a vulnerability in the Pulse Secure SSL VPN.

A patch has been available for this vulnerability since April.

Now this is again, it is not the super straightforward one, but still all you have to do in order to

exploit the Pulse Secure SL VPN vulnerability is there is an arbitrary file read

vulnerability that allows you access to credentials.

With that you can then exploit command injection vulnerability using authentication.

So, relatively straightforward, but it takes a little bit of work.

So this is not the type of vulnerability that you see widely exploited across the internet,

but more in these little bit more targeted exploits.

...