Citrix

jbzfn, 2 months ago

⚠️ CSG is failing to honor its GPL obligations, say critics - The Register

「 Cloud Software Group – the post-merger offspring of Citrix and Tibco – has decided to withdraw the community edition of its JasperReports Server. Now all you can get is the commercial edition, with a 30-day free trial 」

https://www.theregister.com/2024/03/21/csg_fails_to_honor_agpl/

#JasperReports #AGPL #GPL #Citrix #Opensource

governa, 3 months ago

#citrix #okta #f5 #ivanti #fortigate

cyberpanda, 3 months ago German

This meme is proper bang on relatable, innit?

Time for a bit of a laugh! 🫣🤣
#Ivanti #citrix #fortinet

simontsui, 4 months ago

Citrix Hypervisor Security Bulletin for CVE-2023-46838. "An issue has been discovered that affects Citrix Hypervisor 8.2 CU1 LTSR and may allow malicious privileged code in a guest VM to cause the host to crash or become unresponsive." We have released a hotfix (NOTE: NOT A PROPER PATCH) to address this issue.
🔗 https://support.citrix.com/article/CTX587605/citrix-hypervisor-security-bulletin-for-cve202346838

#CVE202346838 #Citrix #Hypervisor #vulnerability #PatchTuesday

simontsui, 4 months ago

Citrix security advisory contains two zero-days: Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway):

• CVE-2023-6548 (5.5 medium) Authenticated (low privileged) remote code execution on Management Interface
• CVE-2023-6549 (8.2 high) Denial of Service

"Exploits of these CVEs on unmitigated appliances have been observed."
🔗 https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

#CVE20236548 #CVE20236549 #Citrix #vulnerability #securityadvisory #Netscaler #PatchTuesday

necrosis, 5 months ago German

Huch. Was ist mit #Citrix Workspace passiert?

Es läuft out of the box unter #Ubuntu 😲

simontsui, 6 months ago

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory #StopRansomware: LockBit Ransomware Affiliates Exploit CVE-2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966. Labeled Citrix Bleed, the vulnerability affects Citrix’s NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.
Link: https://www.cisa.gov/news-events/alerts/2023/11/21/cisa-fbi-ms-isac-and-asds-acsc-release-advisory-lockbit-affiliates-exploiting-citrix-bleed

#CISA #KEV #KnownExploitedVulnerabilitiesCatalog #vulnerability #eitw #activeexploitation citrixbleed #CVE20234966 #citrix #NetScaler

johnleonard, 6 months ago

China's largest commercial bank hit by ransomware

ICBC confirms an attack that halted some trades

https://www.computing.co.uk/news/4145029/chinas-largest-commercial-bank-hit-ransomware

#technews #icbc #ransomware #lockbit #citrix #infosec

hrbrmstr, 7 months ago

🚨 We ( @greynoise ) have tracked active malicious actors attempting to exploit CVE-2023-4966, an Information Disclosure Attempt in #Citrix #Netscaler

Be careful out there.

https://viz.greynoise.io/query?gnql=tags:%22Citrix%20ADC%20Netscaler%20CVE-2023-4966%20Information%20Disclosure%20Attempt%22

simontsui, 7 months ago

Citrix security advisory "have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting" CVE-2023-4966 (NVD 7.5 high/vendor 9.4 critical, disclosed 10 October 2023 by Citrix, reported exploited in the wild as a zero day by Mandiant on 17 October 2023, added to CISA Known Exploited Vulnerabilities Catalog on 18 October 2023). No IOC provided still.
Link: https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/

#Citrix #NetscalerADC #NetscalerGateway #zeroday #eitw #activeexploitation #CVE20234966

heisec, 7 months ago German

Citrix dichtet kritisches Leck in Netscaler ab

In Netscaler ADC und Gateway klaffen Sicherheitslücken, ebenso im Hypervisor von Citrix. Aktualisierte Software-Pakete schließen sie.

https://www.heise.de/news/Citrix-dichtet-kritisches-Leck-in-Netscaler-ab-9330770.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#Citrix #Sicherheitslücken #news

InfosecStuC, 7 months ago

#citrix posts a security advisory with a cvss of 9.4 a nd then entirely fails to provide adequate resources so that this may be downloaded. My frustration and that of my colleagues knows no bounds

governa, 7 months ago

#Citrix Devices Under Attack: #NetScaler Flaw Exploited to Capture User Credentials ⚠️

https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html

simontsui, 7 months ago

IBM X-Force uncovered a campaign exploiting CVE-2023-3519 (CVSS 9.8 critical, disclosed 18 July 2023) to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. IOC provided.
Link: https://securityintelligence.com/x-force/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/

Tags: #CVE20233519 #citrix #netscaler #CitrixADC #CitrixGateway #eitw #IOC

brett, 9 months ago

I think this may the first breach notification related to #Citrix #FileShare

In other news, here's the latest #MOVEit stats.

https://www.emsisoft.com/en/blog/44123/unpacking-the-moveit-breach-statistics-and-analysis/