
Unpatched Citrix, Pulse VPN, and Remote Desktop (RDP) under Attack

There have been various cases in which Citrix, Pulse VPN, and Remote Desktop (RDP) have been exploited. If you are using these systems, make sure they are patched with the latest patches available. As of April 1, threat actors have been conducting mass port scans to identify Pulse Secure VPN servers that remain unpatched. These servers are actively being exploited to install malware, as seen in the recent surge of Windows systems targeted by Sodinokibi ransomware. Microsoft has helped identify and warn various organizations to review their VPNs for needed updates to prevent attacks on remote workers.

The latest update for CVE-2019-19781 (Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance) can be found at https://support.citrix.com/article/CTX267027

CVE-2019-11510: Critical Pulse Connect Secure Vulnerability Used in Sodinokibi Ransomware Attacks. For more information on how to patch this vulnerability, visit https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ . For more information on this vulnerability, read this article: https://www.tenable.com/blog/cve-2019-11510-critical-pulse-connect-secure-vulnerability-used-in-sodinokibi-ransomware

Microsoft: "Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do": https://www.microsoft.com/security/blog/2020/04/01/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do/