Thursday, March 4, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Citrix: These are new patches for your vulnerable servers

January 26, 2020
in Internet Security
Citrix: These are new patches for your vulnerable servers
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

No patch yet for severe Citrix Netscaler bug
This critical Citrix bug could affect 80,000 companies.

Enterprise tech company Citrix has rolled out a new round of fixes for a vulnerability that’s already being exploited to install malware on Citrix servers and which has even sparked a turf war among cybercriminals over compromised machines. 

You might also like

Ursnif Trojan has targeted over 100 Italian banks

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

Malaysia Airlines suffers data security ‘incident’ spanning nine years

The new fixes address CVE-2019-19781, which has been in the spotlight over the past week after proof-of-concept (PoC) exploit code was released, and hackers started using variants of it to install crypto-miners on enterprise kit. 

The bug affects Citrix Application Delivery Controller (ADC) – formerly known as NetScaler ADC – and Citrix Gateway, formerly known as NetScaler Gateway, as well as Citrix SD-WAN WANOP. 

SEE: 10 tips for new cybersecurity pros (free PDF)

The first set of updates were released earlier this week for some versions of ADC and NetScaler, and Citrix CISO Fermin Serna today announced the release of fixes for SD-WAN WANOP, which are available on Citrix’s support site.  

Serna notes that customers must upgrade all Citrix SD-WAN WANOP versions to build 10.2.6b or 11.0.3b. The fixes are applicable to SD-WAN 4000-WO, 5000-WO, 4100-WO, and 5100-WO platforms. The SD-WAN PE and SD-WAN SE platforms are not affected by this bug. 

While customers can use Citrix’s mitigations to minimize risk, Serna said the company “strongly encourages” admins to apply the permanent fixes as soon as possible.

The bug has become a top target for a few reasons. Citrix disclosed the flaw before Christmas but advised customers it wouldn’t have patches until late January. In the meantime, the PoC exploit code was released for what is considered a simple vulnerability to exploit. 

Earlier this week ZDNet reported that security firm FireEye had identified a hacker who was removing malware from already infected Citrix servers as part of a ploy to gain exclusive control over compromised machines and then install a backdoor. 

FireEye has detected repeated attacks on organizations in the travel, legal, financial, and education sectors.

The Dutch national cybersecurity agency (NCSC) has even advised companies and government agencies that run Citrix ADC or NetScaler Gateway servers to turn off systems until an official patch is ready due to “uncertainty about the effectiveness of the mitigation measures”. 

Citrix insists the mitigations do work but has also advised customers to apply its patches immediately after they become available. 

SEE: A hacker is patching Citrix servers to maintain exclusive access

FireEye today released a scanner that it developed with Citrix for customers to search their networks for indicators of compromise. The free tool is available from the Citrix and FireEye GitHub repositories. 

Citrix’s next set of patches are scheduled for release tomorrow to address the flaw in Citrix ADC and Citrix Gateway versos 12.1, 10.5, and 13.0. 

fireeyecitrixscanner.jpg

The FireEye Citrix scanner uses web server access logs to identify scanning activity targeting a specific appliance.


Image: FireEye/Citrix

Credit: Zdnet

Previous Post

How artificial intelligence provided early warning of Wuhan virus — Quartz

Next Post

The 14 Best Data Science and Machine Learning Platforms for 2020

Related Posts

Ursnif Trojan has targeted over 100 Italian banks
Internet Security

Ursnif Trojan has targeted over 100 Italian banks

March 4, 2021
Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Internet Security

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

March 3, 2021
Malaysia Airlines suffers data security ‘incident’ spanning nine years
Internet Security

Malaysia Airlines suffers data security ‘incident’ spanning nine years

March 3, 2021
Remote work: 5 things every business needs to know
Internet Security

Remote work: 5 things every business needs to know

March 3, 2021
New app rollout helps reduce paperwork for NSW frontline child protection caseworkers
Internet Security

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

March 3, 2021
Next Post
The 14 Best Data Science and Machine Learning Platforms for 2020

The 14 Best Data Science and Machine Learning Platforms for 2020

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

13 challenges creating an open, scalable, and secure serverless platform – IBM Developer
Technology Companies

13 challenges creating an open, scalable, and secure serverless platform – IBM Developer

March 4, 2021
Ursnif Trojan has targeted over 100 Italian banks
Internet Security

Ursnif Trojan has targeted over 100 Italian banks

March 4, 2021
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Internet Privacy

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

March 4, 2021
Streamlining data science with open source: Data version control and continuous machine learning
Big Data

Streamlining data science with open source: Data version control and continuous machine learning

March 4, 2021
Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs
Machine Learning

Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs

March 3, 2021
The TensorFlow Certification: get official recognition, but it’s hard! | by Keenan Moukarzel | Feb, 2021
Neural Networks

The TensorFlow Certification: get official recognition, but it’s hard! | by Keenan Moukarzel | Feb, 2021

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • 13 challenges creating an open, scalable, and secure serverless platform – IBM Developer March 4, 2021
  • Ursnif Trojan has targeted over 100 Italian banks March 4, 2021
  • Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection March 4, 2021
  • Streamlining data science with open source: Data version control and continuous machine learning March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates