Security News

Citrix shares mitigations for ongoing Netscaler password spray attacks
2024-12-13 22:10

Citrix NetScaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. [...]

Citrix goes shopping in Europe and returns with gifts for security-conscious customers
2024-12-12 05:02

Acquires two companies that help those on the nice list keep naughty list types at bay. Citrix has gone on a European shopping trip, and come home with its bag of gifts bulging thanks to a pair of...

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
2024-11-12 16:11

'Once again, we've lost a little more faith in the internet,' researcher says. Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code...

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
2024-11-12 14:01

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE). The issue, per...

Citrix warns admins to manually mitigate PuTTY SSH client bug
2024-05-09 19:27

Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. The security flaw impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which bundle and use PuTTY to make SSH connections from XenCenter to guest VMs when clicking the "Open SSH Console" button.

Change Healthcare hacked using stolen Citrix account with no MFA
2024-04-30 14:13

The ransomware attack on Change Healthcare occurred in late February 2024, leading to severe operational disruptions on Optum's Change Healthcare platform. The healthcare org recently admitted that it paid a ransom to protect people's data post-compromise, but no details about the attack or who carried it out were officially disclosed.

Citrix, Sophos software impacted by 2024 leap year bugs
2024-02-29 18:30

Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. Leap years solve the synchronization problem caused by the Gregorian calendar measuring a year in 365 days, while the astronomical year is 365.24 days.

Two more Citrix NetScaler bugs exploited in the wild
2024-01-18 15:30

Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. The flaws only affected customer-managed NetScaler ADC and NetScaler Gateway, so customers using NetScaler-managed services don't have to worry about any of this.

CISA pushes federal agencies to patch Citrix RCE within a week
2024-01-17 18:31

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged customers on Tuesday to immediately patch Internet-exposed NetScaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the NetScaler management interface that could be exploited for remote code execution and denial-of-service attacks, respectively.

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
2024-01-17 04:14

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The...