Security News

Stick that in your named pipe and smoke it: Flaw in Citrix Workspace could let remote attacker pwn host machine
2020-07-21 16:39

Research outfit Pen Test Partners has uncovered a vulnerability in the Citrix Workspace app potentially allowing a privilege escalation to lead to full remote compromise of the host machine. The flaw, CVE-2020-8207, sees Workspace app's automatic update feature abused to gain access to a vulnerable Workspace app installation, with the attack vector being a named pipe.

Citrix Says Data Sold on Dark Web Comes From Third Party
2020-07-15 14:48

Citrix on Wednesday denied claims that its systems have been breached and says the information being sold on the dark web actually comes from a third party and it's not very sensitive. Citrix has found no evidence that its systems have been compromised, and pointed out that hackers couldn't have moved from the third party's network to its own systems.

Citrix denies dark web claim of network compromise and ransomware attack
2020-07-15 05:01

Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J Serna says the company is aware of a "Threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack."

Week in review: MongoDB attacks, hackers hitting F5 BIG-IP, Citrix devices, Patch Tuesday forecast
2020-07-12 08:00

Attackers are probing Citrix controllers and gateways through recently patched flawsSANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot. Exposing the privacy risks of home security camerasAn international study has used data from a major provider of home IP security cameras to evaluate potential privacy risks for users.

Hackers Scanning for Citrix Systems Affected by Recent Vulnerabilities
2020-07-10 12:04

Hackers are apparently scanning the web for systems affected by the recently disclosed Citrix vulnerabilities, which the vendor suggested are less likely to be exploited. Citrix informed customers earlier this week that it has patched a total of 11 vulnerabilities affecting its ADC, Gateway, and SD-WAN WANOP networking products.

Attackers are probing Citrix controllers and gateways through recently patched flaws
2020-07-10 09:17

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller, Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk. On Thursday SANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot.

FYI: Someone's scanning gateways, looking for those security holes Citrix told you not to worry too much about
2020-07-09 20:32

This week Citrix tried to reassure everyone the 11 security flaws it just patched in its network perimeter products weren't all that bad. Well, we hope they're right because someone's scanning the internet looking for vulnerable installations. SANS dean of research Johannes Ullrich today said his honeypot, set up to detect exploitation attempts against bugs in F5's products, encountered attempts by someone to exploit a couple of the holes Citrix patched in its gear.

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees
2020-07-08 10:55

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. Affected gear includes the Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bugs being targeted in the wild, though Rob Joyce, former head of the NSA's Tailored Access Operations elite hacking team, urged admins to apply the patches - right after fixes emerged for vulns in F5 and Palo Alto networking gear, too.

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
2020-07-08 00:43

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller, Gateway, and SD-WAN WAN Optimization edition networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.

Upwork and Citrix team up to power flexible work
2020-06-30 23:30

Upwork is teaming with Citrix Systems to power flexible work. Upwork announced the launch of the Upwork Talent Solution with Citrix Workspace, a unique offering designed to deliver a best-in-class secure remote infrastructure for companies to boost efficiency and productivity as the world increasingly adopts the benefits of remote, on-demand talent.