{"id":14215,"date":"2020-04-25T00:11:00","date_gmt":"2020-04-24T22:11:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14215"},"modified":"2020-04-24T21:36:04","modified_gmt":"2020-04-24T19:36:04","slug":"backdoor-nsa-und-asd-warnen-vor-schwachstellen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/25\/backdoor-nsa-und-asd-warnen-vor-schwachstellen\/","title":{"rendered":"Backdoor: NSA and ASD warn of vulnerabilities"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/24\/backdoor-nsa-und-asd-warnen-vor-schwachstellen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The US secret service NSA and the Australian secret service have issued a joint warning. Hackers are increasingly trying to exploit unpatched vulnerabilities in products to infiltrate systems via web shell malware. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/69562fd987274a98b01031eee9e706d6\" width=\"1\" height=\"1\">The following tweet links to a corresponding document of the NSA\/CSS, which warns against cyber attacks on known vulnerabilities. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Malicious cyber actors are actively using web shells in their intrusion campaigns.<\/p>\n<p>Protect your networks\u2014apply the mitigations listed in the <a href=\"https:\/\/twitter.com\/NSAGov?ref_src=twsrc%5Etfw\">@NSAGov<\/a> and <a href=\"https:\/\/twitter.com\/ASDGovAu?ref_src=twsrc%5Etfw\">@ASDGovAu<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Cybersecurity?src=hash&amp;ref_src=twsrc%5Etfw\">#Cybersecurity<\/a> Information Sheet found here: <a href=\"https:\/\/t.co\/5BGbm1Ewy0\">https:\/\/t.co\/5BGbm1Ewy0<\/a> <a href=\"https:\/\/t.co\/6BUf9UV2t1\">pic.twitter.com\/6BUf9UV2t1<\/a><\/p>\n<p>\u2014 NSA\/CSS (@NSAGov) <a href=\"https:\/\/twitter.com\/NSAGov\/status\/1252945913980608512?ref_src=twsrc%5Etfw\">April 22, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Bleeping Computer writes <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nsa-hackers-exploit-these-vulnerabilities-to-deploy-backdoors\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>,&nbsp; that the Australian Signals Directorate (ASD) also issues this common warning. In a joint report, NSA and ASD warn of cyber attacks that exploit increasingly vulnerable web servers to use web shells. \"Malicious cyber-actors are increasingly using web shells to gain or maintain access to victims' systems,\" writes NSA.<\/p>\n<h2>Web shells as a backdoor<\/h2>\n<p>Web shells are malicious tools that hackers can use on a compromised internal or Internet-exposed server to gain and maintain access. Web shells also allow remote execution of arbitrary commands, deliver additional malware payloads, and access other devices within a network. <\/p>\n<p>Web shells can be uploaded in a variety of forms to vulnerable servers. This ranges from programs designed specifically to provide Web shell functionality, to Perl, Ruby, Python, and Unix shell scripts, to application plug-ins, and to PHP and ASP code snippets that are inserted into the pages of a Web application.<\/p>\n<h2>Detect and block<\/h2>\n<p>The 17-page security guide published by the two secret services contains a wealth of information for security teams. This ranges from the detection of hidden web shells to the reaction and elimination of detected infections. It also lists the exploited vulnerabilities. <\/p>\n<table style=\"word-wrap: break-word; width: 100%; table-layout: fixed\" cellspacing=\"1\" cellpadding=\"1\" border=\"1\">\n<tbody>\n<tr>\n<td><strong>Vulnerability Identifier<\/strong><\/td>\n<td><strong>Affected Application<\/strong><\/td>\n<td><strong>Reported<\/strong><\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-0604<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-february-2019-patch-tuesday-includes-fixes-for-70-vulnerabilities\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft SharePoint<\/a><\/td>\n<td>15 May 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-19781<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/tag\/citrix\/\" target=\"_blank\" rel=\"noopener noreferrer\">Citrix Gateway, Citrix Application Delivery Controller, and Citrix SD-WAN WANOP appliances<\/a><\/td>\n<td>22 Jan 2020<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-3396<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vulnerable-confluence-servers-get-infected-with-ransomware-trojans\/\" target=\"_blank\" rel=\"noopener noreferrer\">Atlassian Confluence Server<\/a><\/td>\n<td>20 May 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-3398<\/td>\n<td>Atlassian Confluence Server and Atlassian Confluence Data Center<\/td>\n<td>26 Nov 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-9978<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zero-day-wordpress-plugin-vulnerability-used-to-add-malicious-redirects\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress \"Social Warfare\" Plugin<\/a><\/td>\n<td>22 Apr 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-18935<br \/>CVE-2017-11317<br \/>CVE-2017-11357<\/td>\n<td>Progress Telerik UI<\/td>\n<td>7 Feb 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-11580<\/td>\n<td>Atlassian Crowd and Crowd Data Center<\/td>\n<td>15 July 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2020-10189<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zoho-fixes-no-auth-rce-zero-day-in-manageengine-desktop-central\/\" target=\"_blank\" rel=\"noopener noreferrer\">Zoho ManageEngine Desktop Central<\/a><\/td>\n<td>6 Mar 2020<\/td>\n<\/tr>\n<tr>\n<td>CVE-2019-8394<\/td>\n<td>Zoho ManageEngine ServiceDesk Plus<\/td>\n<td>18 Feb 2019<\/td>\n<\/tr>\n<tr>\n<td>CVE-2020-0688<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-scanning-for-vulnerable-microsoft-exchange-servers-patch-now\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Exchange Server<\/a><\/td>\n<td>10 Mar 2020<\/td>\n<\/tr>\n<tr>\n<td>CVE-2018-15961<\/td>\n<td><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/adobe-september-2018-security-updates-fix-6-critical-vulnerabilities\/\" target=\"_blank\" rel=\"noopener noreferrer\">Adobe ColdFusion<\/a><\/td>\n<td>8 Nov 2018<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The table above contains known vulnerabilities from various products for which security updates have long been available, but which are attacked on unpatched systems. More details can be found at <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nsa-hackers-exploit-these-vulnerabilities-to-deploy-backdoors\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The US secret service NSA and the Australian secret service have issued a joint warning. Hackers are increasingly trying to exploit unpatched vulnerabilities in products to infiltrate systems via web shell malware.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-14215","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14215"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14215\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}