Security News
A critical security bug in the Citrix Application Delivery Controller and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. Citrix also addressed a lower-severity bug that is likewise due to uncontrolled resource consumption.
US Census Bureau servers were breached on January 11, 2020, by hackers who exploited an unpatched Citrix ADC zero-day vulnerability, as the US Office of Inspector General disclosed in a recent report. "The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks," the OIG said.
Leveraging cloud-delivered digital workspace and secure access solutions from Citrix Systems, Kaizen has created a modern security framework through which it can help itself - and its clients - deliver a simple, secure work experience that empowers employees to work when, where and how they want while keeping their information and devices safe. How is Kaizen delivering on this? By moving to the cloud and leveraging solutions from Citrix to secure all the tools, apps, content, and devices that employees need and prefer to use and deliver them in a simple experience that can be customized to fit their personal preferences and evolving work styles.
Research from Citrix Systems shows that more than 90 percent of employees prefer flexible work, and 82 percent of companies plan to embrace hybrid models to accommodate it and capitalize on the benefits it can drive. "In a remote work world, everyone appears in equal boxes on the screen and has the same access to information and opportunities to contribute to a project. As companies move toward hybrid models, they must maintain this consistent, inclusive and equal experience to ensure that no employee is at a disadvantage because of their work location and reap the improvements in effectiveness and productivity that more flexible work models can drive."
Ivanti announced it is teaming with Citrix to further empower service desk analysts and end users in the everywhere workplace with automation bots that proactively detect and resolve issues. Ivanti Neurons for IT Service Management now integrates with Citrix Workspace, resulting in reduced help desk ticket volumes, improved mean time to remediation, and optimal personalized end user experiences.
Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows. All supported versions of Citrix Workspace app for Windows are affected by the security hole.
Wipro Limited announced that it has strengthened its alliance with Citrix Systems and Hewlett Packard Enterprise. The partnership will provide enterprises a robust solution that will accelerate remote working and bring modernization into workspaces.
Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host. Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities could be abused to cause the host to crash or become unresponsive.
Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service attacks. Several people reported a few days before Christmas that they had started seeing DDoS attacks abusing their Citrix ADC and Gateway devices.
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. According to reports that have surfaced since December 21st, 2020, a DDoS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.