Security News

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered. Tracked as CVE-2019-19781, the vulnerability impacts Citrix ADC and Gateway products.

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out. Researchers at FireEye report finding a hacking group that has been bundling mitigation code for NetScaler servers with its exploits.

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

To help companies do this, Citrix Systems announced the launch of Citrix Analytics for Performance, a next-generation service that goes beyond monitoring server-side infrastructure, and enables IT administrators to identify performance issues at the individual user level and proactively address them to deliver a superior experience that engages employees and keeps them happy and productive. "Modern employees expect consumer-like experiences in how they access their enterprise applications. And they have zero tolerance for poor system performance that slows them down," said Steve Wilson, Vice President of Product for Workspace Ecosystem and Analytics, Citrix.

Proof-of-concept exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. The vulnerability, which Threatpost reported on in December, already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit, and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web.

Exploits targeting the recent Citrix Application Delivery Controller vulnerability have already been published online, yet security patches will not be available for at least another week. Impacting both Citrix ADC and Citrix Gateway, the vulnerability is tracked as CVE-2019-19781 and could lead to code execution without authentication, Citrix revealed on December 17, 2019.

With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day. Some other researchers then published exploits and scanners for it.

Technology giant Citrix says it's racing to develop patches to fix a severe flaw in its software, for which proof-of-concept exploit code has now been released. Designated CVE-2019-19781, the directory traversal flaw has been present in Citrix's code for nearly six years, but only came to light - at least publicly - in December 2019.

Late last month Citrix disclosed a critical security hole in its Application Delivery Controller and Unified Gateway offerings. Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.