Citrix disclosed a critical vulnerability in its NetScaler technology last month, which may have contributed to this week’s disruptive ransomware attack on the world’s largest bank, the PRC’s Industrial and Commercial Bank of China (ICBC). The incident emphasises the importance for businesses, if they haven’t already, to patch against the threat promptly.
Numerous on-premises Citrix NetScaler ADC and NetScaler Gateway application delivery platforms are impacted by the so-called “CitrixBleed” vulnerability (CVE-2023-4966).
According to the CVSS 3.1 severity scale, the vulnerability allows attackers the ability to gain control of user sessions and steal private data, with a score of 9.4 out of a possible 10. Citrix has stated that there is no user interaction required, low attack complexity, and remote exploitability linked with the vulnerability.
A few weeks prior to Citrix releasing updated versions of the impacted software on October 10, mass CitrixBleed Exploitation Threat actors had been actively utilising the vulnerability since August. Organisations are also strongly advised t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: