Security News

Ivanti announced it is teaming with Citrix to further empower service desk analysts and end users in the everywhere workplace with automation bots that proactively detect and resolve issues. Ivanti Neurons for IT Service Management now integrates with Citrix Workspace, resulting in reduced help desk ticket volumes, improved mean time to remediation, and optimal personalized end user experiences.

Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows. All supported versions of Citrix Workspace app for Windows are affected by the security hole.

Wipro Limited announced that it has strengthened its alliance with Citrix Systems and Hewlett Packard Enterprise. The partnership will provide enterprises a robust solution that will accelerate remote working and bring modernization into workspaces.

Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host. Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities could be abused to cause the host to crash or become unresponsive.

Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service attacks. Several people reported a few days before Christmas that they had started seeing DDoS attacks abusing their Citrix ADC and Gateway devices.

Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. According to reports that have surfaced starting with December 21st, 2020, a DDOS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller devices that attackers are abusing to launch amplified distributed denial-of-service attacks against several targets. The desktop virtualization and networking service provider said it's monitoring the incident and is continuing to investigate its impact on Citrix ADC, adding "The attack is limited to a small number of customers around the world."

Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller networking appliances with EDT enabled. Reports of the attack have started trickling in on December 21st, with customers reporting an ongoing DDOS amplify attack over UDP/443 against Citrix Gateway devices.

Three security bugs in the Citrix software-defined-WAN platform would allow remote code-execution and network takeover, according to researchers. The first vulnerability allows unauthenticated RCE with root privileges in Citrix SD-WAN Center, according to Citrix.

To help companies defend themselves, Citrix is introducing two new workspace security solutions designed to secure access and protect applications wherever work needs to get done. Citrix Secure Internet Access - A comprehensive, global cloud security service that addresses the security requirements of modern enterprises.