Security News
Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organizationThe exploitation of the Citrix NetScaler ADC zero-day vulnerability was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency. CISOs under pressure: Protecting sensitive information in the age of high employee turnoverIn this Help Net Security interview, Charles Brooks, Adjunct Professor at Georgetown University's Applied Intelligence Program and graduate Cybersecurity Programs, talks about how zero trust principles, identity access management, and managed security services are crucial for effective cybersecurity, and how implementation of new technologies like AI, machine learning, and tracking tools can enhance supply chain security.
The exploitation of the Citrix NetScaler ADC zero-day vulnerability was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization's non-production environment NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim's active directory and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network-segmentation controls for the appliance blocked movement," the agency shared in an advisory published on Thursday.
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. Adobe says the CVE-2023-38205 flaw was abused in limited attacks.
Citrix has patched three vulnerabilities in NetScaler ADC and NetScaler Gateway, one of which is a zero-day being exploited by attackers. In early 2022, the company reported the exploitation of a RCE vulnerability in its Citrix ADC deployments by a Chinese state-sponsored group.
Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller and Gateway that it said is being actively exploited in the wild.The company did not give further details on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been observed on "Unmitigated appliances." However, successful exploitation requires the device to be configured as a Gateway or authorization and accounting virtual server.
Another way, which is apparently what Microsoft originally investigated, is that the attackers were able to steal enough data from the authentication servers to generate fraudulent but valid-looking authentication tokens for themselves. Microsoft ultimately determined that although the rogue access tokens in the Storm-0558 attack were legitimately signed, which seemed to suggest that someone had indeed pinched a company singing key.
Citrix today is alerting customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "Strongly urges" to install updated versions without delay. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.
Citrix today is alerting customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "Strongly urges" to install updated versions without delay. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.
Citrix today is alerting customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "Strongly urges" to install updated versions without delay. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks.Under the binding operational directive issued in November 2021, U.S. Federal Civilian Executive Branch Agencies are now required to secure Windows devices on their networks against attacks exploiting CVE-2023-36884.