Security News

Citrix NetScaler ADC and NetScaler Gateway are impacted by a critical severity flaw that allows the disclosure of sensitive information from vulnerable appliances. "Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions of NetScaler ADC and NetScaler Gateway as soon as possible," reads Citrix's security bulletin.

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the...

Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials. The flaw is a critical unauthenticated remote code execution bug discovered as a zero-day in July that impacts Citrix NetScaler ADC and NetScaler Gateway.

A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. "Our data indicates strong similarity between attacks using CVE-2023-3519 and previous attacks using a number of the same TTPs," Sophos researchers shared.

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution.

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks. Resemblances to another attack that Sophos analysts observed earlier in the summer have led the analysts to deduce that the two activities are linked, with the threat actor specializing in ransomware attacks.

About 2,000 Citrix NetScalers were compromised in automated massive attack campaigns. Threat actors have been exploiting a NetScaler appliance vulnerability to get persistent access to the compromised systems.

Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the business IT player fixed earlier this summer. Uncle Sam's Cybersecurity and Infrastructure Security Agency on Wednesday warned that criminals have exploited CVE-2023-24489, a 9.8-of-10-severity improper-access-control bug in Citrix ShareFile.

CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers.GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency has added the vulnerability to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities catalog, based on evidence of active in-the-wild exploitation. "This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June.