Citrix was able to patch a zero-day vulnerability, while Adobe warns of attacks using ColdFusion Zero-Day and releases an urgent update that nearly fixes the issue. Nonetheless, the story is still not over, as these vulnerabilities are still exploited. Citrix and Adobe Patch 0-day Vulnerabilities Simultaneously, products of two companies were hit with critical vulnerabilities… Continue reading Citrix and Adobe Vulnerabilities Under Active Exploitation
Tag: Citrix
Attackers hacked the US Census Bureau using Citrix exploit
The Office of the Inspector General (OIG) reported that unknown attackers hacked the servers of the US Census Bureau on January 11, 2020. To do this, a zero-day Citrix ADC vulnerability and a public exploit were used, and the Bureau was unaware of the breach until January 28, 2020. Census Bureau officials said the compromised… Continue reading Attackers hacked the US Census Bureau using Citrix exploit
DTLS can amplify DDoS by 37 times
Netscout warns that using of the DTLS vector allows hackers to amplify DDoS attacks by 37 times. The researchers found that criminals are using a relatively new vector for amplifying DDoS attacks: the Datagram Transport Layer Security (DTLS) protocol, which provides connection security for protocols using datagrams. DTLS, like other UDP-based protocols, is susceptible to… Continue reading DTLS can amplify DDoS by 37 times
Chinese hackers attack US organizations and exploit bugs in F5, Citrix and Microsoft Exchange
The Department of Homeland Security (DHS CISA) Cybersecurity and Infrastructure Protection Agency (DHS CISA) has published security guidelines for the private sector and government agencies. CISA said that Chinese hackers associated with the Ministry of State Security of the Republic of China are attacking organizations in the United States and exploit bugs in F5, Citrix,… Continue reading Chinese hackers attack US organizations and exploit bugs in F5, Citrix and Microsoft Exchange
Citrix expects attacks on fresh issues in XenMobile
Citrix engineers released a number of Citrix Endpoint Management patches this week. Citrix expects attacks on XenMobile Server corporate mobile device management systems. These issues give an attacker the ability to gain administrative privileges on vulnerable systems. The severity of the encountered issues, which received CVE IDs CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212, differs depending… Continue reading Citrix expects attacks on fresh issues in XenMobile
Dangerous vulnerability in Citrix software is still not resolved in 20% of companies
A month after the publication of information about a dangerous vulnerability in Citrix software that threatened 80 thousand companies in 158 countries, one fifth of companies still did not take measures to eliminate the vulnerability. This can be concluded from the threat intelligence monitoring, conducted by Positive Technologies employees. The critical vulnerability CVE-2019-19781 in Citrix… Continue reading Dangerous vulnerability in Citrix software is still not resolved in 20% of companies
Citrix releases new patches, racing with the hackers that install encryptors on vulnerable machines
Destructive race: Citrix releases new patches, and hackers are actively attacking vulnerable servers and installing encryption engines on them. It seems that users are losing. At the beginning of this year was discovered CVE-2019-19781 vulnerability, which affects a number of versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, as well as two old versions… Continue reading Citrix releases new patches, racing with the hackers that install encryptors on vulnerable machines