Security News

Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. Citrix is warning admins to install the latest update "As soon as possible" as the vulnerability is actively exploited in attacks.

An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned. "Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls."

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller and Gateway that could be exploited to take control of affected systems.Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations.

Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway."Note that only appliances that are operating as a Gateway are affected by the first issue, which is rated as a Critical severity vulnerability," explains the Citrix security bulletin.

Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. IT needs to foster employee engagement and collaboration, while enabling dispersed teams, decentralized workplaces, and off-premises IT infrastructure.

Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management vulnerability that can let attackers reset admin passwords. Citrix ADM is a web-based solution that provides admins with a centralized cloud-based console for managing on-premises or cloud Citrix deployments, including Citrix Application Delivery Controller, Citrix Gateway, and Citrix Secure Web Gateway.

Citrix RightSignature is an electronic document signature solution that supports users in creating, sharing and returning their e-signature documentation. RightSignature users can set their documents to provide automatic notifications to signers that will remind them to sign their documents if they have yet to do so.

A critical security bug in the Citrix Application Delivery Controller and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate.Citrix also addressed a lower-severity bug that is likewise due to uncontrolled resource consumption.

US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability, as the US Office of Inspector General disclosed in a recent report. "The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks," the OIG said.

Leveraging cloud-delivered digital workspace and secure access solutions from Citrix Systems, Kaizen has created a modern security framework through which it can help itself - and its clients - deliver a simple, secure work experience that empowers employees to work when, where and how they want while keeping their information and devices safe. How is Kaizen delivering on this? By moving to the cloud and leveraging solutions from Citrix to secure all the tools, apps, content, and devices that employees need and prefer to use and deliver them in a simple experience that can be customized to fit their personal preferences and evolving work styles.