Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2018-4832 Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software
March 13, 2019Rewterz Threat Advisory – CVE-2019-0797 FruityArmor, SandCat Exploiting Microsoft Win32k Flaw
March 14, 2019
Severity
High
Analysis Summary
Citrix has confirmed that their network was breached and attackers has managed to get their hands on the “Business Documents” according to their CISO (Chief Information Security Officer).
“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised”
It is likely that the attackers used the password spraying tactic which is used to exploit weak passwords and once they get their foothold with limited access, they work their way out to additional layers of security compromising at least “6TB” of data, founding ways to bypass (2FA) two factor authentication and (SSO) single sign on and services for further unauthorized access to VPN (Virtual Private Networks) channels.
Impact
- System access
- Loss of credentials
- Loss of sensitive information
- Network intrusion
- Data ex filtration
Indicators of Compromise
| IP(s) / Hostname(s) | 178[.]131[.]21[.]19 5[.]115[.]23[.]11 5[.]52[.]14[.]23 23[.]237[.]104[.]90 194[.]59[.]251[.]12 185[.]244[.]214[.]198 138[.]201[.]142[.]113 92[.]222[.]252[.]193 51[.]15[.]240[.]100 185[.]220[.]70[.]135 |
Affected Vendors
Citrix Systems
Remediation
- Block threat indicators at your respective controls.
- Prevent users from common passwords
- Deploy alternative passwords where possible
- Enforce the multi factor authentication on externally reachable endpoints
- Provide pragmatic advice to the users on how to choose good passwords.