Security News

This week Citrix tried to reassure everyone the 11 security flaws it just patched in its network perimeter products weren't all that bad. Well, we hope they're right because someone's scanning the internet looking for vulnerable installations. SANS dean of research Johannes Ullrich today said his honeypot, set up to detect exploitation attempts against bugs in F5's products, encountered attempts by someone to exploit a couple of the holes Citrix patched in its gear.

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. Affected gear includes the Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bugs being targeted in the wild, though Rob Joyce, former head of the NSA's Tailored Access Operations elite hacking team, urged admins to apply the patches - right after fixes emerged for vulns in F5 and Palo Alto networking gear, too.

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller, Gateway, and SD-WAN WAN Optimization edition networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.

Upwork is teaming with Citrix Systems to power flexible work. Upwork announced the launch of the Upwork Talent Solution with Citrix Workspace, a unique offering designed to deliver a best-in-class secure remote infrastructure for companies to boost efficiency and productivity as the world increasingly adopts the benefits of remote, on-demand talent.

The company announced the availability of a new back-to-office solution built on Citrix Workspace that its customers and partners can use to safely transition employees back to offices, enhance their experience and wellbeing and enable them to efficiently adapt to the new world of work. "Citrix has been powering flexible and secure work models for more than 400,000 global organizations within our digital workspace for more than three decades, and we are uniquely positioned to help them adapt and get back to business while putting the safety and wellbeing of their employees first."

Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation's infosec advice agency says that while the attacker has gained access to some systems it has not conducted "Any disruptive or destructive activities within victim environments." Morrison said the attack has targeted government, key infrastructure and the private sector, and was sufficiently serious that he took the courteous-in-a-crisis, but not-compulsory step, of informing the leader of the opposition about the incident.

Citrix this week announced that updates released for Citrix ShareFile storage zones controllers address several information disclosure vulnerabilities. With storage zones controllers, the ShareFile Software-as-a-Service cloud storage also offers private storage for ShareFile data, which is known as storage zones.

Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The newly identified security issues specifically affect customer-managed on-premises Citrix ShareFile storage zone controllers, a component that stores corporate data behind the firewall.

Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The newly identified security issues specifically affect customer-managed on-premises Citrix ShareFile storage zone controllers, a component that stores corporate data behind the firewall.

To help plug it, Citrix Systems has launched App Protection, which enables companies to protect apps and data on unmanaged endpoints and ensure their corporate systems and information remain safe. "Endpoints are the penultimate control point for the implementation of device, application, and data security. The rapid acceleration of remote work sparked by the COVID-19 pandemic and proliferation of unmanaged personal devices being used for business has created a special challenge, as decentralization is not the friend of security," said Frank Dickson, Program Vice President, Security & Trust, IDC. "And specialized and sophisticated tools are required to overcome it."