CISA says hackers are exploiting a new file transfer bug in Citrix ShareFile | TechCrunch. Hackers are exploiting a newly discovered vulnerability in yet another piece of enterprise file transfer software, the U.S. government’s cybersecurity agency has warned.
CISA on Wednesday added a vulnerabil...
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities. Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510 relates to an authentication bypass that could be exploited to gain unauthorized access to Gateway user capabilities, CVE-2022-27518 concerns a remote code execution bug that could enable the takeover of affected systems. Citrix and the U.S. National Security Agency (NSA), earlier this month, warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.
A majority of the servers, amounting to no less than 5,000, are running 13.0-88.14, a version that's immune to CVE-2022-27510 and CVE-2022-27518. NSA says Chinese hackers are actively attacking flaw in widely used networking device. Written by Elias Groll Dec 13, 2022 | CYBERSCOOP The National Security Agency said on Tuesday that Chinese state-backed hackers are exploiting a flaw in a widely used networking device that allows an attacker to carry out remote code execution.
In its advisory, the NSA said it believes a Chinese hacking crew known as APT5 “has demonstrated capabilities” against an application delivery controller made by Citrix. Citrix released an emergency patch to fix the vulnerability on Monday and said that “exploits of this issue on unmitigated appliances in the wild have been reported.” The spy agency’s advisory effectively burns down an apparent Chinese intelligence operation by exposing its tools and advising potential victims on how to prevent further attacks.
Now that they’ve been burned, the hackers behind the operation targeting Citrix may step up the pace of their attacks. Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability. The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and seize control.
Successful exploitation, however, requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider (SP) or a SAML identity provider (IdP). The following supported versions of Citrix ADC and Citrix Gateway are affected by the vulnerability: Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32; Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25; Citrix ADC 12.1-FIPS before 12.1-55.291; Citrix ADC 12.1-NDcPP before 12.1-55.291. Citrix ADC and Citrix Gateway versions 13.1 are not impacted. Citrix Security Report and Data Breaches. Citrix Data Breach: Password Spraying Lets Hackers Obtain 6TB of Data.
American software giant Citrix has suffered a major security breach, the company has admitted, but mystery surrounds the precise nature of the attack, after a new-on-the-scene cybersecurity company based in Los Angeles called “Resecurity” said it had alerted the FBI and Citrix to the breach and claimed an Iranian threat group was to blame for exfiltrating over six terabytes of Citrix data. That claim resulted in extensive airtime for the company, whose president, Charles Yoo, told reporters that the breach may have first happened a decade ago and that the attackers were targeting Citrix clients whose work spans FBI-related projects, NASA and aerospace contracts and work with Saudi Aramco.
It did not offer detail on how it identified the breach. Computer Business Review has left a request for further comment with the company. He added: “The specific documents that may have been accessed, however, are currently unknown. Citrix Data Breach: Lateral Movement was Not Identified More to follow… Why The Citrix Breach Matters -- And What To Do Next. Over the weekend, it has emerged that Citrix has been hit by hackers in attacks that potentially exposed large amounts of customer data. On March 6, 2019, the FBI contacted Citrix with the news that international cyber criminals had likely gained access to the internal Citrix network. The firm says in a statement that it has taken action to contain this incident.
“We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” says Stan Black, Citrix CSIO. According to security firm Resecurity, the attacks were perpetrated by an Iranian-linked group known as IRIDIUM, which has hit more than 200 government agencies, oil and gas firms and technology companies. Resecurity says the group uses proprietary techniques to bypass 2FA authorization for critical applications and services, gaining further unauthorized access to virtual private network channels and single sign-on. We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw • Graham Cluley. About two weeks ago alarm bells rang over a newly-discovered (and unpatched) flaw in Citrix servers. The vulnerability, technically dubbed CVE-2019-19781 but also known as “Shitrix”, was found to be present on Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) commonly used on corporate networks.
Then we discovered hackers were seemingly altruistically inoculating vulnerable servers against further Shitrix attacks, but were actually at the same time opening a secret backdoor to allow future cybercriminal campaigns. Things really took a bizarre twist when the Dutch press reported the threat of more traffic jams as government employees in The Netherlands were forced by the vulnerability to travel to work rather than log in remotely. And now? Now, with sad predictability, we’re getting the first reports of ransomware being planted by hackers exploiting the Shitrix flaw. Good news. Citrix delivers first patches to mop up Shitrix flaw that is being actively exploited • Graham Cluley.
Over the weekend Citrix announced that its plans to release patches for critical vulnerabilities in its technology, used by tens of thousands of businesses worldwide, have significantly sped up. The first patches, which address the CVE-2019-19781 or so-called Shitrix vulnerability, are now available for versions 11.1 and 12.0 of Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC. “We urge customers to immediately install these fixes,” Citrix says. Furthermore the company has moved forward its target dates for release of permanent patches for other versions of ADC and older versions of the Citrix SD-WAN WANOP.
That’s certainly good news as hackers have been actively exploiting the flaw – in some cases even using it to compromise vulnerable systems, remove malware planted by earlier hackers, and apply Citrix’s mitigation steps – only to leave a secret backdoor open for future compromise. Shitrix: Hackers target unpatched Citrix systems over weekend • Graham Cluley. Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.
Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) were found to contain a security vulnerability in December that “could allow an unauthenticated attacker to perform arbitrary code execution.” Citrix has not at the time of writing released a patch for the critical vulnerability, which is officially called CVE-2019-19781 but also goes by the more colloquial moniker of “Shitrix”.
Instead the company has detailed a series of mitigation steps until permanent fixes in the form of firmware updates are made available – hopefully by the end of the month. Mursch says that a scan he conducted found over 25,000 vulnerable Citrix systems, in 122 countries across the globe. It looked like a Citrix ShareFile phishing attack, but wasn’t • Graham Cluley. Guest contributor Bob Covello isn’t happy about a password reset email that Citrix has been sending its customers. Over the last few days, many people received an email from Citrix Systems, requesting them to change their passwords. Many wondered if this was the result of a breach. I wondered what they were thinking when they sent these messages. Here is a screenshot of the email Citrix ShareFile users received: There has been a constant increase in internet-account credential (usernames and passwords) theft. Most people who contacted me wanted to know if this was a phishing scam.
The message arrived unsolicited; the message is very generic; the message contains links. The only thing missing from the message is an urgent warning and a threat. To get it right, all that Citrix needed to do was to stop after the sentence that reads “Users will need to reset their passwords when logging into ShareFile.”
Citrix hackers may have stolen six terabytes worth of files • Graham Cluley. Three days ago, at the end of last week, Citrix made the kind of announcement that no company wants to make. “On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.” In a statement posted on the Citrix blog, Chief Security Information Officer Stan Black admitted that the hackers may have accessed and downloaded some business documents – but it didn’t currently know which specific documents.
Black went on to say that no indication had been discovered that the security of any Citrix services or products had been compromised by the security breach. And how had the breach occurred? Citrix said it hadn’t confirmed the mechanisms used by the attackers yet, but that the FBI suspected that the hackers had used a technique known as “password spraying”. Other recent victims of the Iridium group include the Australian parliament. Hackers lurked in Citrix systems for six months | ZDNET. Citrix has revealed a data breach in which cyberattackers managed to maintain persistence on its systems and conduct data theft over a period of six months. In a letter (.PDF) sent to potential victims this week, the US software company said that the FBI informed Citrix of a potential compromise by "international cybercriminals." Citrix then investigated the matter and found that the group had "intermittent access" to its systems between October 13, 2018 and March 8, 2019, a period of roughly six months. The company believes that information was stolen during this time relating to current and former employees, and potentially beneficiaries and dependents, too. The extent of the theft is not yet known but it is possible that the data stolen included names, Social Security numbers, and financial information. It is unclear how many individuals may have been involved in the data breach. Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw. Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32.
"Both must be configured with an SAML SP or IdP configuration to be affected," Citrix noted in its security update. The National Security Agency (NSA) issued its own warning that the China-linked APT5 threat group has been actively targeting Citrix ADCs to bypass authentication controls to breach organizations. It also provided threat hunting guidance for security teams, and asked for intelligence sharing among the public and private sectors. "The indicators and context from this analysis can be used by organizations for defensive purposes against this malicious activity," the NSA announced.
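As an added example (not code from Citrix, the NSA or any of the articles quoted here), the patch-triage check implied by the CVE-2022-27518 affected-version list and the SAML SP/IdP precondition stated above, in Python: a build is flagged only if it precedes its branch's fixed build, and it is treated as exposed only when the appliance is also configured as a SAML SP or IdP. The "-FIPS"/"-NDcPP" suffix form of the build string and the inventory entries are constructed assumptions.

```python
import re
from typing import Optional, Tuple

# Fixed builds per branch, taken from the Citrix bulletin as quoted on this page.
FIXED_BUILDS = {
    ("13.0", None): (58, 32),
    ("12.1", None): (65, 25),
    ("12.1", "FIPS"): (55, 291),
    ("12.1", "NDcPP"): (55, 291),
}
UNAFFECTED_BRANCHES = {"13.1"}          # bulletin: 13.1 is not impacted
_EDITIONS = {"FIPS": "FIPS", "NDCPP": "NDcPP"}
# Assumed string form: <branch>-<major>.<minor>[-FIPS|-NDcPP], e.g. 12.1-55.290-FIPS
_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.I)

def parse_build(version: str) -> Tuple[str, Tuple[int, int], Optional[str]]:
    """Split '12.1-55.290-FIPS' into ('12.1', (55, 290), 'FIPS')."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix build string: {version!r}")
    branch, major, minor, edition = m.groups()
    edition = _EDITIONS[edition.upper()] if edition else None
    return branch, (int(major), int(minor)), edition

def is_vulnerable_build(version: str) -> Optional[bool]:
    """True if the build precedes its branch's fix, False if fixed or on an
    unaffected branch, None if the branch/edition is not in the bulletin."""
    branch, build, edition = parse_build(version)
    if branch in UNAFFECTED_BRANCHES:
        return False
    fixed = FIXED_BUILDS.get((branch, edition))
    if fixed is None:
        return None
    return build < fixed            # tuple compare: (55, 290) < (55, 291)

def assess(version: str, saml_sp_or_idp: bool) -> str:
    """Combine build status with the SAML precondition into a triage label."""
    vuln = is_vulnerable_build(version)
    if vuln is None:
        return "unknown-branch"
    if not vuln:
        return "not-affected"
    return "exploitable" if saml_sp_or_idp else "patch-required"

if __name__ == "__main__":
    # Constructed inventory: (build string, SAML SP/IdP configured?)
    for ver, saml in [("13.0-58.30", True), ("12.1-55.290-FIPS", False),
                      ("13.0-88.14", True), ("13.1-33.47", True)]:
        print(f"{ver:<18} saml={saml!s:<5} -> {assess(ver, saml)}")
```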