Security News

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
2022-12-29 09:43

Thousands of Citrix Application Delivery Controller and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. Citrix and the U.S. National Security Agency, earlier this month, warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.

Week in review: Citrix and Fortinet RCEs, Microsoft fixes exploited zero-day
2022-12-18 09:30

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP!An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned. Microsoft fixes exploited zero-day, revokes certificate used to sign malicious driversIt's December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw exploited by attackers to deliver a variety of malware.

Citrix patches critical ADC flaw the NSA says is already under attack from China
2022-12-14 06:57

The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today. Citrix says the flaw, CVE-2022-27518, "Could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.

Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
2022-12-14 04:40

The U.S. National Security Agency on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller and Gateway to take over affected systems. Successful exploitation requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider or a SAML identity provider.

Hackers exploit critical Citrix ADC and Gateway zero day, patch now
2022-12-13 15:07

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.

Citrix fixes critical ADC and Gateway zero-day exploited in attacks
2022-12-13 15:07

Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. Citrix is warning admins to install the latest update "As soon as possible" as the vulnerability is actively exploited in attacks.

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
2022-12-13 13:27

An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned. "Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls."

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products
2022-11-10 10:26

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller and Gateway that could be exploited to take control of affected systems.Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations.

Citrix urges admins to patch critical ADC, Gateway auth bypass
2022-11-08 17:03

Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway."Note that only appliances that are operating as a Gateway are affected by the first issue, which is rated as a Critical severity vulnerability," explains the Citrix security bulletin.

Deliver Secure Digital Workspaces with Citrix Virtual Apps and Desktops on Microsoft Azure
2022-09-16 00:00

Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. IT needs to foster employee engagement and collaboration, while enabling dispersed teams, decentralized workplaces, and off-premises IT infrastructure.