Security News

To help drive it, Citrix announced that it is expanding the Citrix Ready Workspace Security Program to include zero trust solutions from trusted and verified partners that will allow companies to simplify the selection of vendors and leverage their existing investments to design a modern security framework that delivers zero trust outcomes. In expanding the program to include solutions that integrate with these offerings and have zero trust principles built-in, Citrix is providing extended context and an additional layer of security that make an enterprise more secure.

To fix the problem, the latest update catalogs are now directly downloaded from the Citrix update servers, and the service "Cross-references the hashes with the file that is requested for install from the UpdateFilePath attribute," wrote researchers at Pen Test Partners, in a Monday posting. "If the update file is signed, valid and the hash of the update file matches one of the files within the manifest, the update file is executed to perform the upgrade," they explained.

Where Chinese hackers exploit, Iranians aren't far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. In a joint statement, the FBI and Homeland Security's Cybersecurity and Infrastructure Security Agency on Monday claimed Beijing's miscreants have exploited or attempted to exploit bugs including those in Microsoft Exchange Server, the F5 Big-IP remote takeover vulnerability, Pulse Secure's VPN's remote code flaw and the Citrix VPN directory traversal hole.

Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan. Administrators and users alike found that update 1.321.1319.0 of the malware masher left Citrix's platform a tad borked, with the Citrix Broker service gone from the Services console and the BrokerService.

Windows Defender has caused problems for some Citrix customers after deleting two services incorrectly detected as malware. Windows Defender users who installed the update may have had their Citrix Broker and HighAvailability services on Delivery Controllers and Cloud Connectors deleted after they were erroneously detected as a trojan.

The flaws exist in Citrix Endpoint Management, often referred to as XenMobile Server, which enables businesses to manage employees' mobile devices and mobile applications by controlling device security settings and updates. Specifically impacted at a critical level by the dual vulnerabilities is: XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6 and XenMobile Server before 10.9 RP5. The remaining three flaws are rated medium- and low-severity.

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.

This time the problem is in the Citrix Endpoint Management, the product Citrix suggests as an ideal way to securely manage devices and "Let employees work how, when and where they want." The situation is sufficiently serious that Citrix gave advance notice of the bugs to "a number of major CERTs around the world." But it's not explained just what the bugs entail, offering only a list of CVE numbers, and hasn't said which of the five are critical.

Citrix on Tuesday released patches to address multiple vulnerabilities in Citrix Endpoint Management, which allow an attacker to gain administrative privileges on affected systems. The severity of the identified vulnerabilities, which carry the CVE identifiers CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212, differs based on the installed version of XenMobile.