Check (and patch) your externally facing Citrix / Pulse Secure / RDP / servers / and other stuff
I am hoping you are all aware of the latest issues with Citrix Gateways etc. (things like Netscaler) (CVE-2019-19781). A patch for this was released this weekend. This vulnerability has active exploits and allows unauthorised access, and can be used as a way into your network, especially if it is externally facing. Some attackers have patched people and left a hole for themselves, so don't just patch, check your logs. Lots of articles on this online already.
And, the ongoing issues with products that feature Pulse Secure VPN capabilities, in Juniper, Fortinet, Palo Alto, etc. Again, there are patches available, have been for some time. Loads of CVEs here, too many to list.
And, the Microsoft/NSA-announced crypt32 vulnerability, which allows abuse of encryption (CVE-2020-0601). Patches are for Windows 10 (1709 and later); there is no extended support prior to this, so upgrade the version of Windows 10 too, and Server 2016/2019.
In order of priority, start at the top of my list and work down. But I am sure you are already all over this.
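The "don't just patch, check your logs" advice above is the part most people skip. As an added example (not from this thread or any vendor), the script below walks gateway access logs in the common Apache/NGINX combined format, decodes each request path (including percent-encoded and double-encoded forms) and flags any request whose path contains a `..` traversal segment, then groups the hits by client address and marks the ones that returned a 2xx before your patch time. The log lines, the patch timestamp and the log format are all constructed assumptions; it says nothing about the specific request shape of CVE-2019-19781, so treat it as a starting point for your own review rather than a complete detection.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Assumed Apache/NGINX combined-style prefix: client ip, ident, user, [time], "METHOD path proto", status.
# Your gateway's format may differ; adjust this pattern to match it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed: when the gateway was patched. Anything suspicious before this deserves a closer look.
PATCHED_AT = datetime(2020, 1, 12, 0, 0, tzinfo=timezone.utc)

# Constructed sample log; the paths are placeholders, not real indicators.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2020:03:14:07 +0000] "GET /vpn/index.html HTTP/1.1" 200 1234',
    '203.0.113.7 - - [11/Jan/2020:02:01:44 +0000] "GET /vpn/../restricted/resource HTTP/1.1" 200 812',
    '203.0.113.7 - - [11/Jan/2020:02:01:50 +0000] "POST /vpn/%2e%2e/restricted/upload HTTP/1.1" 200 15',
    '198.51.100.9 - - [12/Jan/2020:09:00:00 +0000] "GET /images/logo.png HTTP/1.1" 200 4096',
    '198.51.100.9 - - [13/Jan/2020:09:00:05 +0000] "GET /vpn/%252e%252e/restricted/ HTTP/1.1" 403 0',
]


def decode_path(raw):
    """Percent-decode repeatedly so double-encoded sequences (%252e) normalise as well."""
    prev, cur = None, raw
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def has_traversal(path):
    """True if the decoded path (query string removed, backslashes normalised) has a '..' segment."""
    p = decode_path(path.split("?", 1)[0]).replace("\\", "/")
    return any(seg == ".." for seg in p.split("/"))


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match the assumed format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious(lines, patched_at=PATCHED_AT):
    """Return parsed records containing a traversal segment, each tagged with before_patch."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not has_traversal(rec["path"]):
            continue
        rec["before_patch"] = rec["time"] < patched_at
        hits.append(rec)
    return hits


def sources_to_investigate(hits):
    """Group hits by client IP; a 2xx traversal before the patch is the highest-priority case."""
    by_ip = {}
    for h in hits:
        entry = by_ip.setdefault(h["ip"], {"count": 0, "succeeded_before_patch": False})
        entry["count"] += 1
        if h["before_patch"] and 200 <= h["status"] < 300:
            entry["succeeded_before_patch"] = True
    return by_ip


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for ip, info in sources_to_investigate(hits).items():
        flag = "PRIORITY" if info["succeeded_before_patch"] else "review"
        print(f"{ip}: {info['count']} traversal request(s) [{flag}]")
```

A 2xx on a traversal request before the patch went in is the case to escalate: a 403 after patching tells you someone is still knocking, but a successful request beforehand means you need to look for what was left behind, which is exactly the "hole for themselves" the post warns about. Run it over the full retention window, not just the last few days.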
@4d4m A good warning, but too late, unfortunately. The perpetrator had a hit list, and just kept touching those who had not patched, put their tools for a rainy day into the systems, and now forensics analysts will be having a field day, even after the door was locked, attempting to find out the extent of the compromise and whether or not they went further. A tough job for many organisations.
Hi @4d4m; always cast around and do a quick search on the community if you think a subject has already been covered. If nothing turns up, then put it up; it could be a life saver.
It may appear to be a storm in a teacup, but believe me when I tell you I know of some organisations that are now weeks and lots of hours into forensic analysis and incident management right now, even after the backdoor has been closed - what is the extent of the compromise?