Security News
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. "A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller," Citrix explains.
Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. CVE-2023-3519 refers to a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could lead to unauthenticated remote code execution.
A threat actor has compromised close to 2,000 thousand Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519. Security researchers at cybersecurity company Fox-IT and the Dutch Institute of Vulnerability Disclosure have discovered a large-scale campaign that planted webshells on Citrix Netscaler servers vulnerable to CVE-2023-3519.
Mandiant has released a scanner to check if a Citrix NetScaler Application Delivery Controller or NetScaler Gateway Appliance was compromised in widespread attacks exploiting the CVE-2023-3519 vulnerability. The critical CVE-2023-3519 Citrix flaw was discovered in mid-July 2023 as a zero-day, with hackers actively exploiting it to execute code remotely without authentication on vulnerable devices.
Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution.
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as...
Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organizationThe exploitation of the Citrix NetScaler ADC zero-day vulnerability was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency. CISOs under pressure: Protecting sensitive information in the age of high employee turnoverIn this Help Net Security interview, Charles Brooks, Adjunct Professor at Georgetown University's Applied Intelligence Program and graduate Cybersecurity Programs, talks about how zero trust principles, identity access management, and managed security services are crucial for effective cybersecurity, and how implementation of new technologies like AI, machine learning, and tracking tools can enhance supply chain security.
Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable against a critical remote code execution bug exploited by unauthenticated attackers in the wild as a zero-day. "We tag all IPs where we see a version hash in a Citrix instance. This is due fact that Citrix has removed version hash information in recent revisions," Shadowserver said.
Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable against a critical remote code execution bug exploited by unauthenticated attackers in the wild as a zero-day. "We tag all IPs where we see a version hash in a Citrix instance. This is due fact that Citrix has removed version hash information in recent revisions," Shadowserver said.
Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.