Security News

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller devices that attackers are abusing to launch amplified distributed denial-of-service attacks against several targets. The desktop virtualization and networking service provider said it's monitoring the incident and is continuing to investigate its impact on Citrix ADC, adding "The attack is limited to a small number of customers around the world."

Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller networking appliances with EDT enabled. Reports of the attack have started trickling in on December 21st, with customers reporting an ongoing DDOS amplify attack over UDP/443 against Citrix Gateway devices.

Three security bugs in the Citrix software-defined-WAN platform would allow remote code-execution and network takeover, according to researchers. The first vulnerability allows unauthenticated RCE with root privileges in Citrix SD-WAN Center, according to Citrix.

To help companies defend themselves, Citrix is introducing two new workspace security solutions designed to secure access and protect applications wherever work needs to get done. Citrix Secure Internet Access - A comprehensive, global cloud security service that addresses the security requirements of modern enterprises.

To help drive it, Citrix announced that it is expanding the Citrix Ready Workspace Security Program to include zero trust solutions from trusted and verified partners that will allow companies to simplify the selection of vendors and leverage their existing investments to design a modern security framework that delivers zero trust outcomes. In expanding the program to include solutions that integrate with these offerings and have zero trust principles built-in, Citrix is providing extended context and an additional layer of security that make an enterprise more secure.

To fix the problem, the latest update catalogs are now directly downloaded from the Citrix update servers, and the service "Cross-references the hashes with the file that is requested for install from the UpdateFilePath attribute," wrote researchers at Pen Test Partners, in a Monday posting. "If the update file is signed, valid and the hash of the update file matches one of the files within the manifest, the update file is executed to perform the upgrade," they explained.

Where Chinese hackers exploit, Iranians aren't far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. In a joint statement, the FBI and Homeland Security's Cybersecurity and Infrastructure Security Agency on Monday claimed Beijing's miscreants have exploited or attempted to exploit bugs including those in Microsoft Exchange Server, the F5 Big-IP remote takeover vulnerability, Pulse Secure's VPN's remote code flaw and the Citrix VPN directory traversal hole.

Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan. Administrators and users alike found that update 1.321.1319.0 of the malware masher left Citrix's platform a tad borked, with the Citrix Broker service gone from the Services console and the BrokerService.

Windows Defender has caused problems for some Citrix customers after deleting two services incorrectly detected as malware. Windows Defender users who installed the update may have had their Citrix Broker and HighAvailability services on Delivery Controllers and Cloud Connectors deleted after they were erroneously detected as a trojan.