Citrix SD-WAN Bugs Allow Remote Code Execution
The bugs tracked as CVE-2020–8271, CVE-2020–8272 and CVE-2020–8273 exist in the Citrix SD-WAN Center. Continue reading Citrix SD-WAN Bugs Allow Remote Code Execution
Category Archives: citrix
Citrix introduces two workspace security solutions to secure access and protect apps anywhere
The rapid move to the cloud and remote work prompted by the COVID-19 pandemic are creating dynamic work environments that promise to drive new levels of productivity and innovation. But they have also opened the door to a host of new security and relia… Continue reading Citrix introduces two workspace security solutions to secure access and protect apps anywhere
Citrix expands its Citrix Ready Workspace Security Program to include zero trust solutions
Work today is happening everywhere on everything from corporate issued laptops and mobile devices to personal tablets and even smartwatches. While this new-found freedom has given a major boost to productivity and innovation, it has also raised a new s… Continue reading Citrix expands its Citrix Ready Workspace Security Program to include zero trust solutions
25 vulnerabilities exploited by Chinese state-sponsored hackers
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be e… Continue reading 25 vulnerabilities exploited by Chinese state-sponsored hackers
NSA warns defense contractors of recent Chinese government-backed hacking
U.S. defense contractors should be wary of Chinese government-backed hackers who are actively exploiting a multitude of known vulnerabilities to target — and successfully breach — victim networks, the National Security Agency said in an advisory Tuesday. The hackers are specifically going after 25 known vulnerabilities that primarily affect products used for remote access or for external web services, which the NSA lays out in detail in the advisory. Vulnerabilities the Chinese hackers are exploiting include those of Pulse Secure VPNs, which could allow attackers to steal victim passwords, as well as F5 Networks’ Big-IP Traffic Management User Interface, Windows Domain Name System servers, a series of flaws in Citrix ADC and Gateway devices, and several others. System administrators in the defense industrial base should immediately patch the vulnerabilities the Chinese hackers are exploiting, the NSA warned. “NSA is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently […]
The post NSA warns defense contractors of recent Chinese government-backed hacking appeared first on CyberScoop.
Continue reading NSA warns defense contractors of recent Chinese government-backed hacking
Known Citrix Workspace Bug Open to New Attack
Windows MSI files provide an opening for attackers even though the bug was mostly patched in July. Continue reading Known Citrix Workspace Bug Open to New Attack
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Continue reading Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack
Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says
Hackers connected to a Chinese intelligence agency have infiltrated U.S. government and the private sector entities in recent months by exploiting a series of common vulnerabilities, the FBI and Department of Homeland Security’s cybersecurity agency announced Monday. Attackers tied to China’s civilian intelligence and counterintelligence service, the Ministry of State Security (MSS), have been using phishing emails with malicious links to infiltrate victim organizations, according to the alert. By including malicious software in those messages, hackers are exploiting software flaws in commercial technologies and open-source tools, including services with known fixes. F5 Networks’ Big-IP Traffic Management User Interface, Citrix VPN Appliances, Pulse Secure VPN appliances, and Microsoft Exchange Server are among those affected, says the report from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency (CISA). All of these are tools are open source and commercially available, making potentially high value espionage targets in the U.S. government relatively easy and low-cost for state-sponsored hackers […]
The post Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says appeared first on CyberScoop.
Citrix Warns of Critical Flaws in XenMobile Server
Citrix said that it anticipates malicious actors “will move quickly to exploit” two critical flaws in its mobile device management software. Continue reading Citrix Warns of Critical Flaws in XenMobile Server
Intel, SAP, and Citrix release critical security updates
August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. Apple released iCloud for Windows updates and Google pushed out fixes to Chrome. They were followed by… Continue reading Intel, SAP, and Citrix release critical security updates