WhatsApp Employment Scam
August 18, 2024 in Business, Employment Scam
These scammers send a random text message to an unknown person, offering a good part-time job opportunity. They then ask to continue the conversation on WhatsApp, because a text message tells them nothing about the recipient, while WhatsApp shares the full profile with the scammer.
These scammers have the following purposes. Don’t do any of the following, and ignore them from the very first message.
- At some point extract money from you in the name of training, security check, document verification etc.
- Ask you to click on a link and then hack your phone or laptop.
- Collect your personal information for a bigger fraud.
How to find if this is a scam?
- Their company address is a fake address. Use Google Maps and see if that company is listed there or not.
- Their website domain was registered within the last week or so. Visit https://www.whois.com to see when the domain was registered.
- The scammer will not communicate through a company email address, because that could expose their IP address, which could be anywhere but in the US or the country where the employment is offered.
They operate like this: the same person sends a text of the following type to your phone and then asks you to continue the conversation with someone else over WhatsApp. WhatsApp does not verify scammers, but all your information is there, making it easy for the scammer to get hold of your WhatsApp information.
“My name is Emilia from Mantal We have an opening that might be a perfect fit for you. Can I share the details?
We are offering on line roles that take 30-60 minutes and earn 100-300, paid daily. Required Citizens of the U.S. or PR and age 22 years or over. “
Alright, the person in charge will send the details to your WA app (your phone number)as soon as possible, please pay attention,
What are the scammer phone numbers and website?
There are two phone numbers reported so far. The first is (213) 329 9602; its WhatsApp profile shows the name of the person as Zoe, but no one knows who that person is.
The other phone number is 270-267-9566, which is mainly used for text messaging.
The website these scammers are using is dataed.co, which was registered in August 2024.
Don’t fall prey to any WhatsApp employment scam. Don’t respond to a call that you did not initiate. Don’t send any money or any personal information. Don’t click on any link. Don’t open any PDF or DOCX files sent to you.
Stay safe. Stay away from these scammers.
Is Maikex.com a Crypto Scam?
February 12, 2022 in Uncategorized
CDS Bureau reviewed Maikex.com and found that this site could be a scam based on the following findings:
- The domain was first registered in July 2021.
- They use the typical scammer approach of promising you money once you pay them money first, just like lottery scammers who ask you to send them money first to claim your lottery prize.
- They charge a similar 4% transaction fee that you can’t pay with the crypto/money in your Maikex.com (MZK) account. Instead, they ask you to pay that 4% with your own funds, through Bitcoin, to their crypto wallet. Once you pay, you may never see your money again, as with the lottery scams.
- They don’t allow you to withdraw less than $100K, so you cannot test whether the site is legit.
- They don’t have a phone or physical address listed on the site.
- They don’t have a proper email address and communicate through a Gmail address.
This site is highly suspicious. These days, many sites offer ICOs (Initial Coin Offerings) and defraud investors. Unless you are 100% sure about a site, don’t invest your hard-earned money there.
If you find something for CDS Bureau to investigate, contact us through our contact us form.
Subscription Charge Fraud From HBO Max
October 20, 2021 in Phishing News, Public News
CDS Bureau recently found out that HBO Max charges its subscribers for the auto-renewal of a subscription even if the service is cancelled on the last day of the subscription period. HBO Max (WarnerMedia Direct, LLC) auto-renews a subscription one or two days before the subscription expires, and a subscriber cannot get that charge refunded even if she cancels before the current subscription period expires but after the renewal. HBO Max carefully crafted the language so that it becomes legally hard for the customer to get a refund. Here are two screenshots from the HBO Max site.
This image says that subscription will auto-renew until you cancel, but it auto-renews even if you cancel on the last day.

This image from the HBO Max site says that they don’t provide any refund or prorate a cancelled service, and this applies to the auto-renewal of a cancelled service. So even if a consumer cancels the service, if HBO Max charged the credit card before the cancellation, the consumer will never get that money refunded.

CDS Bureau finds this practice highly fraudulent because, based on a user agreement, a company cannot charge for a service that was cancelled the day before it was up for renewal. Most subscribers don’t read the user agreement and end up losing money to HBO Max or similar subscription services.
CDS Bureau highly recommends that when you sign up for any subscription service, you find out the following:
- Find out about all cancellation charges and fees.
- Find out about the cancellation policy to avoid unnecessary charges.
- Find out what you’ll get and what you won’t.
- Find out the user risks.
A consumer can dispute the charge with the credit card company, complain to the FTC, and file a complaint with the NY Attorney General. A complaint with the NY Attorney General can help you get your money back. Your complaint will raise an individual subscriber’s voice and create awareness across various government agencies to force WarnerMedia Direct, LLC to change its malpractice of charging a cancelled service for an additional month. This will push such companies to curb the fraudulent practice and stop hiding behind legal language.
If you have been a victim of HBO Max subscription service scam, feel free to comment below.
Are Cryptocurrencies Like Bitcoin, Ethereum, and Doge a Scam or the Real Deal?
June 18, 2021 in Uncategorized
Most people have now started talking about cryptocurrencies like Bitcoin, Ethereum, Doge Coin, Shibu Coin, etc. Some people say that cryptocurrency is a scam and some say it is the future. In this article we’ll weigh the arguments from both sides.
What is a cryptocurrency?
A cryptocurrency is a computer-generated unique digital certificate that has no value of any kind but has a serial number that uniquely identifies it. There is a global ecosystem that verifies every cryptocurrency transaction, and people who participate in that ecosystem receive rewards as new coins. A cryptocurrency buyer pays the seller in fiat currency and receives that unique digital certificate number in return.
Bitcoin is the highest-priced cryptocurrency as of today. There are 4600+ such currencies as of June 17, 2021. Anyone with a computer and some knowledge can copy existing cryptocurrency code and create a new one in a matter of a few hours. However, making it successful requires tons of marketing and a community that can support the cryptocurrency.
Cryptocurrency is the future argument:
People who say that “cryptocurrency is the future” base their argument on the following points:
- If people are willing to pay, anything can have a price.
- Bitcoin has a limited supply of 20 million coins that makes it a scarce resource.
- Cryptocurrency has no government interference and is accepted across the globe. It is immune to the instability of any government.
- This can simplify global payment transfers.
- More and more organizations have started investing in cryptocurrencies. There are 7 billion people, and if everyone starts transacting in or accepting cryptocurrencies, their value will skyrocket.
- Support from illegal activities – Since cryptocurrency transactions are autonomous, criminal activity worldwide (terrorism, extortion, corruption, etc.) is flourishing through cryptocurrency payments. This will push cryptocurrency demand higher as more and more illegal activities are funded through these currencies.
- No downward pressure – Investors can short a typical currency, but there are no financial products that can put downward pressure on a cryptocurrency. This will keep pushing cryptocurrency prices higher.
Cryptocurrency is a scam and has no future argument:
People who say cryptocurrencies are a scam give the following arguments:
- Unlimited supply – Only Bitcoin has a limited supply; all other cryptocurrencies have unlimited supply, which means cryptocurrency communities can generate any number of digital certificates. This is like creating certificates out of thin air and selling them for whatever price people will pay. One cryptocurrency coin can have up to 10-18 denominations. One dollar has 100 cents, but one Doge coin or Bitcoin can have 10-18 sub certificates. This makes any cryptocurrency supply unlimited.
- Unregulated exchanges – The whole cryptocurrency industry is unregulated. No country has regulated cryptocurrency exchanges. Most governments have no policies, auditing, rules, oversight, or checks and balances to stop exchange fraud. This means exchange owners can manipulate prices, steal money from account holders, and do anything they want to promote what is in their best interest. So, if two accounts related to an exchange start selling and buying between themselves, they can inflate any cryptocurrency price. An exchange can say that someone hacked into the system and stole account holders’ cryptocurrencies.
- No intrinsic value – Digital certificates have no intrinsic value. A computer algorithm can create as many certificates as desired. Their prices can go up or down without any reason because there is nothing to hold the price in place.
- Government crackdown – Sooner or later governments will start cracking down on cryptocurrencies. This will slow down its adoption and may destroy them for good.
- Ponzi scheme – A Ponzi scheme is a form of fraud that lures investors and pays profits to earlier investors with funds from more recent investors. This is exactly what is happening with cryptocurrencies. Since cryptocurrency supply has no limits, these certificates keep on growing and someday will outnumber the buyers. That’ll be the day when it’ll crash.
Conclusion:
Cryptocurrency can go either way depending on what people are willing to pay. Cryptocurrencies have no intrinsic value like a stock, fiat money, or painting. A cryptocurrency will keep on having a price as long as there are people to pay that price.
Conference scam from swhfoundation.org and ojgrandhotel.com
November 16, 2020 in CDSBureau News Update, Public News
This post is about the free conference and free travel offer fraud from the swhfoundation.org and ojgrandhotel.com sites. This article is for you if you received an email from them or are a victim of this scam.
CDS Bureau users reported this scam, and the CDS Bureau investigation team investigated the claim and found that these sites are fraudulent and run by scammers. Do not engage. Do not send any money to book a hotel. The conference is fake. These sites are fake.
Sample Email Texts:
Dear Sir/Madam,
We are pleased to invite you to attend the international human rights conference which will be taking place from December 14th to 19th 2020 in Dallas Texas USA, the conference is being organized by The Social Welfare and Human Rights Organization. The theme of the conference is “The impact of Covid-19 on the global economy and immigration and the consequence of racial inequality on peaceful co-existence”. The sponsors of this event shall cover your round-trip flight tickets from your country to the USA and back to your country and we shall also provide visa assistance with the U.S Embassy in your country of residence. The hotel accommodation booking cost will be your responsibility. Please contact the conference secretariat for more information and registration for participation:[swhrf.infooffice@zohomail.com]. We look forward to your confirmed presence at the conference.
Respectfully Yours,
Dr. Angela Morgan
Program Coordinator
Another Email Text:
Dear Delegate,
We are delighted to inform you that your request to participate in this forthcoming human rights conference meeting has been accepted by our organization. The forthcoming international conference meeting is open for everyone interested to participate. The human rights conference meeting is scheduled to take place from 14th to 19th December 2020 at OJ Grand Hotel located in Dallas Texas USA. The essence of this conference meeting is to discuss issues of Challenges to Health and Human Rights & Economic Development as a result of Covid-19, Immigration Ban and Racial Inequality in our society and proffer solutions, the forthcoming international conference meeting is organized by the Social Welfare and Human Rights Foundation (SWHRF) here in United States of America. Delegates are accepted to participate together as a group of 2 to 7 persons from each organization or you can also participate as an individual if you don’t have a group. The independent donors and the organization sponsors are responsible for participants traveling documents (Visa) application processing and round-trip flight tickets to attend the conference and there will also be translators present at the conference for all major languages. Please note that participants will only be responsible to pay for their hotel accommodation charges with the recommended hotel. Your registration file will be open after we have received your filled registration forms A and B and your hotel booking confirmation receipt. You are to contact the hotel management immediately and make your room booking to secure your hotel accommodation. We shall send you an official invitation letter immediately after the confirmation of your registration to enable you to obtain the U.S visa to participate in this event. Your visa documents will be processed here in the United States and the approval letter of your visa will be sent to the U.S Embassy in your country and an appointment date given to you for the collection of your visa. 
All participants are requested to make a paper presentation on the event topics which is ” The impact of Covid-19 on the global economy and immigration and the consequence of racial inequality on peaceful co-existence ” as it affects your society, for all documentation will be published by the Social Welfare and Human Rights Foundation (SWHRF) and certificate will be given to all participants as a representative of 2020 conference meeting. All filled registration forms and hotel booking receipt should be submitted to the conference secretariat office:[swhrf.infooffice@zohomail.com] before [Nov. 15th, 2020.] which is the deadline date to receive filled registration forms and hotel booking receipt. Below is the selected hotel contact for you to secure your room booking and send us the booking receipt along with your filled forms with the scan copy of your passport data page. O.J Grand Hotel Tel: +1 214-506- 1332 Email: booking@ojgrandhotel.com ojgrandhotel@gmail.com Note: immediately after your registration file is opened, your registration documents will be forwarded to the U.S Bureau of Immigrant Affairs (Visa Processing Office) here in the United States for the authorization and approval of your visa documents before faxing the visa documents to U.S Embassy (Consulate Office) in your country of resident and you shall be given a visa appointment date to secure your visa for the conference meeting. We thank you for the interest to participate in this conference and we hope to see you at the meeting venue.
Yours Cheerfully,
Prof. Mike Cooper, (SWHRF Secretariat)
Texas City, (USA)
Tel: +1 214-935-3126
www.swhfoundation.org
Our Investigation Analysis:
Here are a few of the reasons that these sites are frauds:
- No such organization exists in the USA.
- These sites are run by the same conference scammers that CDS Bureau reported in its previous posts.
- These domains were registered this year.
- The website contains profiles of fake people.
- Their number is a VoIP number and can be anywhere in the world.
- No conference organization in the USA can process visa papers for anyone.
- Scammers ask the conference participants to book a fraudulent hotel that does not exist in the USA. It is not on Expedia or any other travel site.
They are frauds. Stay away from them and don’t provide your personal information; they can misuse it in other scams. Never share your passport information or anything else with them.
If you have been a victim of this scam, help others by sharing your story as a comment below or contact us.
CDS Bureau and its community can answer your technology or scam related questions for free. Register to ask questions, comment or write your own blog.
If you like the above information, follow us below to get more technology and scam information.
How to Identify a Scam or Scam Website?
March 20, 2020 in Public Content
If you receive a free conference offer, a discount utility offer, or any other too-good-to-be-true offer, it is a scam. You can use the following ways to identify a scam website.
- The website domain will be only a few months old – Visit whois.net, type the website name in the search box, and hit enter. You’ll see the domain creation date, which will be only one to six months old.
- Google or Bing will have only a few search results – Search on Google or Bing and see that not many search results are listed.
- The site will have stolen pictures – In the Chrome browser, ensure that your default search engine is Google. Open the site, right-click on any image, and click ‘search Google for image’. The search results will display the sites that originally had that picture.
- The address will be fake – Search for the address on maps.google.com to see that there is no such business at the specified address.
- Their phone number will change on a weekly/monthly basis – Scammers change their VoIP numbers very often. The number that they used to call you today will not work after a week or so.
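The domain-age tip above can be scripted. This is an added example, not CDS Bureau's own code: it reads the creation date out of raw WHOIS text, flags a domain younger than six months, and flags a site whose claimed founding year is earlier than its domain. The sample record, its domain name and all function names are constructed for illustration.

```python
import re
from datetime import date, datetime

# WHOIS output is free text and the label differs by registry; these three
# labels are common. Anything else is reported as "no creation date found".
CREATED_LINE = re.compile(
    r"^[ \t]*(?:Creation Date|created|Registered on)[ \t]*:[ \t]*(.+?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_whois_date(raw):
    """Parse '2020-01-23T10:15:00Z', '2020-01-23' or '23-Jan-2020'."""
    iso = re.match(r"\d{4}-\d{2}-\d{2}", raw)
    try:
        if iso:
            return datetime.strptime(iso.group(0), "%Y-%m-%d").date()
        return datetime.strptime(raw, "%d-%b-%Y").date()
    except ValueError:
        return None


def creation_date(whois_text):
    """Earliest creation date in the record, or None if none parses."""
    dates = [parse_whois_date(raw) for raw in CREATED_LINE.findall(whois_text)]
    dates = [d for d in dates if d is not None]
    return min(dates) if dates else None


def assess(whois_text, today, claimed_since_year=None, min_age_days=180):
    """Return the creation date, the age in days and a list of warning flags.

    min_age_days defaults to six months, the upper bound given in the tip.
    A missing date is reported as a flag, never treated as a pass, and an
    old domain is not proof that a site is legitimate.
    """
    created = creation_date(whois_text)
    if created is None:
        return {"created": None, "age_days": None,
                "flags": ["no creation date found"]}
    age_days = (today - created).days
    flags = []
    if age_days < min_age_days:
        flags.append("domain is younger than %d days" % min_age_days)
    if claimed_since_year is not None and created.year > claimed_since_year:
        flags.append("site claims to exist since %d but domain was created in %d"
                     % (claimed_since_year, created.year))
    return {"created": created, "age_days": age_days, "flags": flags}


# Constructed sample record (not real WHOIS output for any real domain).
SAMPLE_WHOIS = """\
Domain Name: DISCOUNT-OFFER.EXAMPLE
Registrar: Example Registrar, Inc.
Creation Date: 2020-01-23T10:15:00Z
Registry Expiry Date: 2021-01-23T10:15:00Z
"""

if __name__ == "__main__":
    result = assess(SAMPLE_WHOIS, today=date(2020, 2, 20), claimed_since_year=2005)
    print(result["created"], result["age_days"], "days old")
    for flag in result["flags"]:
        print("WARNING:", flag)
```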
Stay vigilant and use the above tips to identify scams on your own. Too-good-to-be-true offers, threatening calls or emails, anything free, pandemic-related offers or calls, tax-related calls or emails, etc. are all scams.
If this article helped you avoid a scam, or you were a scam victim, then share your story in the comments below and help others avoid scams.
CDS Bureau and its community can answer your technology or scam related questions for free. Register to ask questions or write your own technical blogs.
Follow us below and get more information on technology, cyber security, and scams.
TheDiscountInc.COM 50% off Utility Bill Scam
February 20, 2020 in CDSBureau News Update, Public News
The 50% off utility / loan / mortgage / discount bill offer is a scam. Stay away from them and don’t share any information. They operate from Lahore, Pakistan, and only target Hindi/Punjabi-speaking people of Indian origin in the USA, Canada, Australia, and the UK. You can easily test them by asking any question related to the Hindu religion.
NOTE: If you have transferred money to their US/Australian/Canada/UK bank account, please share that information with the law enforcement agency / FBI as soon as possible. Report them to the FBI through https://www.ic3.gov/complaint/default.aspx.
CDS Bureau published two articles on the 50% off utility bill scam. Now these scammers have launched another site, TheDiscountInc.com. This site is not the same as the other ones, but it is operated by the same scammers, because it has the same (fake) physical address and was copied from discountzoneinc.com. The discountzoneinc.com site is now out of service. The TheDiscountInc.com domain name was registered on Jan 23, 2020, while the site claims that the business has been in existence since 2005.
This site now also offers investment and insurance services. These services are scams. CDS Bureau highly recommends that you do not share any information with them and send them no money. If you apply for a loan with them, you’ll compromise your identity.
The following information is fake:
US Fake Address: 19651 Nordhoff Way Northridge CA 91324
Canada Fake Address: 61 Wild cat road Toronto, ON M3J 2P5
Australia Fake Address: 228 James St, Northbridge, WA 6003
Phone Numbers: (747) 236-2629, and (213) 802-6778, (02) 4017-1275, (510) 513-8267, (510) 335-0478, +61 (08) 6146-3102, +61 (08) 6102-0763, +61 (02) 4017-1275
Email: info@discountzoneinc.com (scammers copied the site and forgot to update this email address)
Websites: www.thediscountinc.com, www.discountzoneinc.net
When they call, they talk in your mother tongue to gain your confidence. Recently they hired a few female operators. Don’t fall for their soft and friendly tone. When they call, you can hear many scammers trying to scam people in the background.
Anyone who has your account information can make a payment to your account and later reverse that payment. Never fall for them. They try to build trust by talking in Punjabi or Urdu. They recently hired very cunning sales girls whose only focus is to scam money out of a victim.
CDS Bureau highly recommends that you avoid their calls and NEVER share your information with them. If you share your mobile phone account information, they can register their own phone in your name and do irreversible damage to your bank account and personal information. CDS Bureau cannot publish all the details due to our responsibility towards general consumers. But if you have been a victim, email us at contact(at)cdsbureau.com to learn more about your options.
If this article helped you avoid the scam, or you were a scam victim, then share your story in the comments below and help others avoid such scams.
UTILITYPLANINC.COM 50% off Utility Bill Scam
February 12, 2020 in Public News, Uncategorized
The 50% off utility / loan / mortgage / discount bill offer is a scam. Stay away from them and don’t share any information. They operate from Lahore, Pakistan, and only target Hindi/Punjabi-speaking people of Indian origin. You can easily test them by asking any question related to the Hindu religion.
NOTE: If you have transferred money to their US/Australian/UK bank account, please share that information with the law enforcement agency / FBI as soon as possible. Report them to the FBI through https://www.ic3.gov/complaint/default.aspx.
CDS Bureau published an article on UTILITYPLANSINC.COM. That article forced the scammers to shut down their site, but they launched a new site with a new domain, UTILITYPLANINC.COM. The letter ‘s’ is missing from the newer one, but everything else is exactly the same. One of their phone numbers is 559-753-2712.
CDS Bureau investigated and found that they copied the previous website and published it under the new domain. They are using stolen images from the Internet. This website also lists its founder as James John; his photograph is from bentley.edu. Supervisor Rohan Verma’s photograph is of Wayfair CEO Niraj Shah. And the list goes on.
This domain was registered on Feb 4, 2020, but the website claims that they have been in business since 2010. It appears that these scammers have been running this scam since 2010. They normally speak in Punjabi or Urdu and target South Asian communities in the USA. They are based out of Lahore, Pakistan.
Anyone who has your account information can make a payment to your account and later reverse that payment. Never fall for them. They try to build trust by talking in Punjabi or Urdu. They recently hired very cunning sales girls whose only focus is to scam money out of a victim. Don’t fall for their soft and friendly tone.
CDS Bureau highly recommends that you avoid their calls and NEVER share your information with them. If you share your mobile phone account information, they can register their own phone in your name and do irreversible damage to your bank account and personal information. CDS Bureau cannot publish all the details due to our responsibility towards general consumers. But if you have been a victim, email us at contact(at)cdsbureau.com to learn more about your options.
UTILITYPLANSINC.COM 50% off Utility Bill Scam
February 1, 2020 in CDSBureau News Update, Public Content, Public News
The 50% off utility / loan / mortgage / discount bill offer is a scam. Stay away from them and don’t share any information. They operate from Lahore, Pakistan, and only target Hindi/Punjabi-speaking people. You can easily test them by asking any question related to the Hindu religion.
NOTE: If you have transferred money to their US/Australian/UK bank account, please share that information with the law enforcement agency / FBI as soon as possible. Report them to the FBI through https://www.ic3.gov/complaint/default.aspx.
Update: CDS Bureau and its users forced the scammers to shut down their website, but they registered a new domain, utilityplaninc.com. More info here.
One of CDS Bureau’s users notified us about the UTILITYPLANSINC.COM scam. CDS Bureau investigated and found the website to be a scam website. It has many of the issues that scam websites normally have. They are using stolen images from the Internet. This website stole Founder James John’s photograph from bentley.edu. Supervisor Rohan Verma’s photograph is of Wayfair CEO Niraj Shah. And the list goes on.
This domain was registered on Jan 7, 2020, but the website claims that they have been in business since 2010. The website footer had a copyright notice for another domain name, utilityplansca.com, but when we tried to visit that site, it did not exist. It appears that these scammers have been running this scam since 2010. They normally speak in Punjabi or Urdu and target South Asian communities in the USA.
CDS Bureau highly recommends that you avoid their calls and NEVER share your information with them. If you share your mobile phone account information, they can register their own phone in your name and do irreversible damage to your bank account and personal information. CDS Bureau cannot publish all the details due to our responsibility towards general consumers. But if you have been a victim, email us at contact(at)cdsbureau.com to learn more about your options.
AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP
January 24, 2020 in CDSBureau News Update, Public News, Security threat - action needed, Threat Prevention
Summary
Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1]
On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0.
On January 22, 2020, Citrix released security updates for vulnerable SD-WAN WANOP appliances.
On January 23, 2020, Citrix released firmware updates for Citrix ADC and Gateway versions 12.1 and 13.0.
On January 24, 2020, Citrix released firmware updates for Citrix ADC and Gateway version 10.5.
A remote, unauthenticated attacker could exploit CVE-2019-19781 to perform arbitrary code execution.[2] This vulnerability has been detected in exploits in the wild.[3]
The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends that all users and administrators upgrade their vulnerable appliances as soon as possible.
Timeline of Specific Events
- December 17, 2019 – Citrix released Security Bulletin CTX267027 with mitigation steps.
- January 8, 2020 – The CERT Coordination Center (CERT/CC) released Vulnerability Note VU#619785: Citrix Application Delivery Controller and Citrix Gateway Web Server Vulnerability,[4] and CISA released a Current Activity entry.[5]
- January 10, 2020 – The National Security Agency (NSA) released a Cybersecurity Advisory on CVE-2019-19781.[6]
- January 11, 2020 – Citrix released blog post on CVE-2019-19781 with timeline for fixes.[7]
- January 13, 2020 – CISA released a Current Activity entry describing their utility that enables users and administrators to test whether their Citrix ADC and Citrix Gateway firmware is susceptible to the CVE-2019-19781 vulnerability.[8]
- January 16, 2020 – Citrix announced that Citrix SD-WAN WANOP appliance is also vulnerable to CVE-2019-19781.
- January 19, 2020 – Citrix released firmware updates for Citrix ADC and Citrix Gateway versions 11.1 and 12.0 and blog post on accelerated schedule for fixes.[9]
- January 22, 2020 – Citrix released security updates for Citrix SD-WAN WANOP release 10.2.6 and 11.0.3.[10]
- January 22, 2020 – Citrix and FireEye Mandiant released an indicator of compromise (IOC) scanning tool for CVE-2019-19781.[11]
- January 23, 2020 – Citrix released firmware updates for Citrix ADC and Citrix Gateway versions 12.1 and 13.0.[12]
- January 24, 2020 – Citrix released firmware updates for Citrix ADC and Citrix Gateway version 10.5.
Technical Details
Impact
On December 17, 2019, Citrix reported vulnerability CVE-2019-19781. A remote, unauthenticated attacker could exploit this vulnerability to perform arbitrary code execution. This vulnerability has been detected in exploits in the wild.
The vulnerability affects the following appliances:
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 – all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 – all supported builds before 11.1.63.15
- Citrix ADC and NetScaler Gateway version 12.0 – all supported builds before 12.0.63.13
- Citrix ADC and NetScaler Gateway version 12.1 – all supported builds before 12.1.55.18
- Citrix ADC and Citrix Gateway version 13.0 – all supported builds before 13.0.47.24
- Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO – all supported software release builds before 10.2.6b and 11.0.3b. (Citrix SD-WAN WANOP is vulnerable because it packages Citrix ADC as a load balancer).
Detection Measures
Citrix and FireEye Mandiant released an IOC scanning tool for CVE-2019-19781 on January 22, 2020. The tool aids customers with detecting potential IOCs based on known attacks and exploits.[13]
See the National Security Agency’s Cybersecurity Advisory on CVE-2019-19781 for other detection measures.[14]
CISA released a utility that enables users and administrators to detect whether their Citrix ADC and Citrix Gateway firmware is susceptible to CVE-2019-19781.[15] CISA encourages administrators to visit CISA’s GitHub page to download and run the tool.
Mitigations
CISA strongly recommends users and administrators update Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP as soon as possible.
The fixed builds can be downloaded from Citrix Downloads pages for Citrix ADC, Citrix Gateway, and Citrix SD-WAN.
Until the appropriate update is implemented, users and administrators should apply Citrix’s interim mitigation steps for CVE-2019-19781.[16] Verify the successful application of the above mitigations by using the tool in CTX269180 – CVE-2019-19781 – Verification ToolTest. Note: these mitigation steps apply to Citrix ADC and SD-WAN WANOP deployments.[17]
Refer to table 1 for Citrix’s planned fix schedule.[18]
Table 1. Fix schedule for Citrix appliances vulnerable to CVE-2019-19781
| Vulnerable Appliance | Firmware Update | Release Date |
|---|---|---|
| Citrix ADC and Citrix Gateway version 10.5 | Refresh Build 10.5.70.12 | January 24, 2020 |
| Citrix ADC and Citrix Gateway version 11.1 | Refresh Build 11.1.63.15 | January 19, 2020 |
| Citrix ADC and Citrix Gateway version 12.0 | Refresh Build 12.0.63.13 | January 19, 2020 |
| Citrix ADC and Citrix Gateway version 12.1 | Refresh Build 12.1.55.18 | January 23, 2020 |
| Citrix ADC and Citrix Gateway version 13.0 | Refresh Build 13.0.47.24 | January 23, 2020 |
| Citrix SD-WAN WANOP Release 10.2.6 | Build 10.2.6b | January 22, 2020 |
| Citrix SD-WAN WANOP Release 11.0.3 | Build 11.0.3b | January 22, 2020 |
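The fixed builds in Table 1 can be turned into an inventory check. The following is an added example, not code from CISA, Citrix or this page: it classifies ADC/Gateway version banners against the table's ADC and Gateway rows only. The banner layout (`NetScaler NS<branch>: Build <n>.<n>.nc`) is an assumption about the appliance's version output, and the hostnames and banners are constructed sample data.

```python
import re

# First fixed build per release branch, taken from Table 1 (ADC/Gateway rows).
FIXED_BUILDS = {
    "10.5": (70, 12),
    "11.1": (63, 15),
    "12.0": (63, 13),
    "12.1": (55, 18),
    "13.0": (47, 24),
}

# Assumed banner layout: "NetScaler NS<branch>: Build <major>.<minor>.nc, ..."
BANNER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def classify(banner):
    """Return 'fixed', 'affected' or 'unknown' for one version banner."""
    match = BANNER_RE.search(banner)
    if match is None:
        return "unknown"  # unparseable: check the appliance by hand
    fixed = FIXED_BUILDS.get(match.group(1))
    if fixed is None:
        return "unknown"  # branch is not listed in Table 1
    # Compare as integer tuples: as strings, "63.9" would sort after "63.15".
    build = (int(match.group(2)), int(match.group(3)))
    return "fixed" if build >= fixed else "affected"


def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> banner."""
    report = {"fixed": [], "affected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify(banner)].append(host)
    return report


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = {
    "adc-edge-01": "NetScaler NS12.1: Build 55.13.nc, Date: Nov 21 2019",
    "adc-edge-02": "NetScaler NS13.0: Build 47.24.nc, Date: Jan 20 2020",
    "adc-dmz-01": "NetScaler NS11.1: Build 63.9.nc, Date: Oct 11 2019",
    "adc-lab-01": "NetScaler NS10.1: Build 135.8.nc, Date: Jun 2 2016",
    "adc-lab-02": "version string missing",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

A host reported as `affected` is running a build older than the fixed build for its branch; the banner does not show whether the interim mitigation steps have been applied, so that still has to be verified separately.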
Administrators should review NSA’s Citrix Advisory for other mitigations, such as applying the following defense-in-depth strategy:
“Consider deploying a VPN capability using standardized protocols, preferably ones listed on the National Information Assurance Partnership (NIAP) Product Compliant List (PCL), in front of publicly accessible Citrix ADC and Citrix Gateway appliances to require user authentication for the VPN before being able to reach these appliances. Use of a proprietary SSLVPN/TLSVPN is discouraged.”
References
- [1] Citrix blog: Citrix releases final fixes for CVE-2019-19781
- [2] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
- [3] United Kingdom National Cyber Security Centre (NCSC) Alert: Actors exploiting Citrix products vulnerability
- [4] CERT/CC Vulnerability Note VU#619785
- [5] CISA Current Activity: Citrix Application Delivery Controller and Citrix Gateway Vulnerability
- [6] NSA Cybersecurity Advisory: Mitigate CVE-2019-19781: Critical Vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway
- [7] Citrix blog: Citrix provides update on Citrix ADC, Citrix Gateway vulnerability
- [8] CISA Current Activity: CISA Releases Test for Citrix ADC and Gateway Vulnerability GitHub: CISAgov – check-cve-2019-19781
- [9] Citrix Blog: Vulnerability Update: First permanent fixes available, timeline accelerated
- [10] Citrix Blog: Update on CVE-2019-19781: Fixes now available for Citrix SD-WAN WANOP
- [11] Citrix Blog: Citrix and FireEye Mandiant share forensic tool for CVE-2019-19781
- [12] Citrix Blog: Fixes now available for Citrix ADC, Citrix Gateway versions 12.1 and 13.0
- [13] Citrix Blog: Citrix and FireEye Mandiant share forensic tool for CVE-2019-19781
- [14] NSA Cybersecurity Advisory: Mitigate CVE-2019-19781: Critical Vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway
- [15] CISA Current Activity: CISA Releases Test for Citrix ADC and Gateway Vulnerability GitHub: CISAgov – check-cve-2019-19781
- [16] Citrix Security Bulletin CTX267679, Mitigation Steps for CVE-2019-19781
- [17] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
- [18] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
Revisions
- January 20, 2020: Initial Version
- January 23, 2020: Updated with information about Citrix releasing fixes for SD-WAN WANOP appliances and an IOC scanning tool
- January 24, 2020: Updated with information about Citrix releasing fixes for Citrix ADC and Gateway versions 10.5, 12.1, and 13.0
Disclaimer: CDS Bureau received this information from NCAS and is sharing it with our readers for information purposes only. CDS Bureau assumes no liability resulting from sharing this information and its application.
