Skip to content
Front Page: NCSC-FI
Front Page: NCSC-FI
Go to SearchSearch
English
Menu

The National Cyber Security Centre Finland’s weekly review – 30/2023

Information security now!

Published

This week we talk about the National Cyber Security Centre Finland’s assessment of current software vulnerabilities and the epidemic of social media account hijacking.

TLP:CLEAR

Topics covered in this week’s review

  • Assessment of current critical software vulnerabilities
  • An unexpected contest win can be a scam

Assessment of current critical software vulnerabilities

On 19 July, the NCSC-FI released a vulnerability bulletin (in Finnish) (External link) regarding a critical vulnerability in Citrix Netscaler Gateway and ADC software. The products were previously known as Citrix ADX and Citrix Gateway. These products are also popular in Finland and many organisations use them to establish remote connections and direct network traffic, for example. Critical vulnerabilities related to remote access services (e.g. VPN) must always be fixed immediately.

After learning about the vulnerability, the NCSC-FI assessed the situation in Finland by contacting over 140 organisations about the issue. So far, no organisation in Finland has reported attempts to exploit the vulnerability. According to the NCSC-FI’s survey, organisations have responded quickly to the situation and updated their Citrix services even during the holiday season. Attempts to exploit critical vulnerabilities can happen fast, thus it is crucial to address vulnerabilities like this without delay when a fix becomes available.

During the week, there were also reports of a critical vulnerability (bulletin in Finnish) (External link) in Ivanti Endpoint Manager Mobile (MobileIron Core). This product is used by organisations to manage the security of mobile devices, for example. The NCSC-FI mapped and contacted organisations using the product in Finland. 

An unexpected contest win can be a scam

There is an ongoing epidemic of hijacking of Facebook accounts and the NCSC-FI receives reports of hijacking incidents almost daily. Accounts are hijacked through an already compromised account that sends messages to persons on the account’s contacts list. The messages claim that if you give the person first your telephone number and then a code sent to the number, you can participate in a prize draw. In reality, the attacker uses the telephone number and the received code to gain access to the account. In some cases, the criminal has continued the scam by requesting the account owner’s online bank credentials to transfer the prize money. Giving your online bank credentials to a criminal can lead to an empty bank account.

Having gained access to the Facebook account, the criminal aims to change the account information so that the account owner can no longer change the password for the account, recover the account themselves or log the criminal out.

How to recover your Facebook account

  • Log the criminal out of your Facebook account. 
    First, check that the telephone number and email for the account are yours and change the password, if possible. See Facebook’s instructions (External link) for logging out.
  • Warn your Facebook friends.
    If you can still access your account, try to warn your Facebook friends of possible scam messages.
  • Report the incident to Facebook.
    Only Facebook can restore your account.
  • Check your Facebook account’s security settings. 
    Enable two-factor authentication.

Criminals try to gain the victim’s trust in many ways. In this method, the scam messages are sent from the victim’s friend’s account. Although you know the sender, you can recognise the sender as a scammer if the message does not sound logical. For example, did you receive the message from a person who should already have your telephone number? If you find the message suspicious, you can e.g. call the person to confirm that the message really came from them.

Learn more about Facebook scams
Scams and phishing: Facebook contest win 1) Your friend asks for your phone number. The message is sent from a compromised account. 2) Your “friend” says they are participating in a prize draw. 3) You receive a verification code by SMS. 4) If you share the code with your “friend,” they will gain access to your account. The attacker will change your password and the email address linked to the account and start sending scam messages to your friends.

Vulnerabilities

CVE: CVE-2023-3519
CVSS: 9.8
What: Critical vulnerability in Citrix Netscaler Gateway and ADC software
Product: Citrix Netscaler ADC and Gateway
Fix: Update to the latest version

CVE: CVE-2023-35078
CVSS: 10
What: Critical vulnerability in Ivanti Endpoint Manager Mobile (MobileIron Core)
Product: Ivanti Endpoint Manager Mobile (MobileIron Core)
Fix: Update to version 11.8.1.1, 11.9.1.1 or 11.10.0.2.

CVE: CVE-2023-38606
What: Several critical vulnerabilities in Apple products
Product: Various Apple products
Fix: Update to the latest version

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 21 July–27 July 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens. 

Previous weekly reviews are available here