Collaborate Disseminate
Citrix has issued its first set of patches fixing a nasty vulnerability that’s been hanging over some of its biggest products. Continue reading Citrix ships patches as vulnerable servers come under attack
With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day. Do you use Citrix’s Application Delivery Controller (ADC) or Ga… Continue reading Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing
It’s been more than two weeks since researchers went public with a critical vulnerability in products made by corporate VPN service provider Citrix that could give a hacker free rein over the many enterprise networks that use the software. Now, with no sign of a complete patch for the vulnerability, cybersecurity experts are exhorting organizations to address the issue. “It’s extremely important to apply the mitigation steps and recognize that there is no patch for this,” said Dave Kennedy, founder of cybersecurity company TrustedSec, adding that he has already seen attackers scanning for vulnerable systems. “We have a working exploit, and it took us under a day to develop it,” Kennedy told CyberScoop. “Attackers have the same capabilities.” The flaw, discovered by cybersecurity company Positive Technologies, is in a Citrix cloud-based application delivery tool, as well as a product that allows remote access to the company’s applications. Based on the […]
The post Experts urge organizations to address festering critical Citrix flaw appeared first on CyberScoop.
Continue reading Experts urge organizations to address festering critical Citrix flaw
A critical vulnerability has been discovered in Citrix’s Application Delivery Controller (ADC) and Gateway products that could give attackers unauthorized access to enterprise networks as well as the ability to run code on them. Security company Positive Technologies, which first discovered the flaw, says the vulnerability spans several years’ worth of Citrix technology. It estimates that “at least 80,000 companies in 158 countries are potentially at risk.” Citrix’s ADC is a cloud-based application delivery and load balancing tool, while Gateway allows remote access to a company’s applications. The vulnerability affects Citrix ADC and Citrix Gateway 13.0, 12.1, 12.0, 11.1, and 10.5. “Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat,” Dmitry Serebryannikov, director of the security audit department for Framingham, Massachusetts-based Positive Technologies, said in a blog post. Citrix […]
The post Critical flaw in Citrix applications could allow unauthorized access to internal networks appeared first on CyberScoop.
Seventeen bugs could be exploited to stop electrical generation and cause malfunctions at power plants. Continue reading Critical Remote Code-Execution Bugs Threaten Global Power Plants
Researchers believe the threat group is based in China. Continue reading Calypso APT Emerges from the Shadows to Target Governments
Flaws that allow attackers to bypass the payment limits on Visa contactless cards have been discovered by researchers Leigh-Anne Galloway and Tim Yunusov at Positive Technologies. The attack was tested with five major UK banks, successfully bypassing t… Continue reading Flaws allow attackers to bypass payment limits on Visa contactless cards
Expert testing of iOS and Android mobile applications shows that in most cases, insecure data storage is the most common security flaw in mobile apps. Positive Technologies’ yearly report, Vulnerabilities and Threats in Mobile Applications 2019, found … Continue reading High-risk vulnerabilities found in 1/3 of iOS apps, nearly half of Android apps
Positive Technologies experts Ivan Boyko, Vyacheslav Moskvin, and Sergey Fedonin have discovered multiple vulnerabilities in Moxa industrial switches in the EDS-405A, EDS-408A, EDS-510A, and IKS-G6824A series. These switches are used to build industria… Continue reading Exploitation of vulnerabilities in Moxa industrial switches could disrupt communication between ICS components
In external penetration testing undertaken for corporate clients in industrial, financial, and transport verticals in 2018, Positive Technologies found that, at the vast majority of companies, there were multiple vectors in which an attacker could reac… Continue reading What do successful pentesting attacks have in common?