
Proof-of-concept code published for Citrix bug as attacks intensify

January 11, 2020

Image: Project Zero India

As of yesterday, there is public proof-of-concept exploit code for CVE-2019-19781, a vulnerability in Citrix enterprise equipment that can allow hackers to take over devices and access a company’s internal networks.

The vulnerability is as bad as it gets and has been deemed one of the most dangerous bugs disclosed in recent years.


Codenamed Shitrix by the larger infosec community, this vulnerability impacts Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway.

The vulnerability is a path traversal bug that can be exploited over the internet by an attacker. The attacker does not have to provide authentication credentials for the device when launching an attack. All an attacker has to do is send a boobytrapped request to the vulnerable Citrix appliance, along with the exploit code they want to execute on the device.
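
A defender-side log triage for the kind of `../` traversal requests described above, as an added example that is not part of the original article or of any vendor tooling. The log format, paths and addresses are constructed for illustration and do not reproduce the actual exploit request.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not from a real appliance.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2020:03:14:07 +0000] "GET /public/../private/settings.conf HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2020:03:14:09 +0000] "GET /public/%2e%2e/private/settings.conf HTTP/1.1" 403 0
198.51.100.23 - - [10/Jan/2020:03:15:40 +0000] "POST /public/%252e%252e%252fprivate/upload HTTP/1.1" 200 87
192.0.2.50 - - [10/Jan/2020:03:16:02 +0000] "GET /public/index.html?ref=a..b HTTP/1.1" 200 4096
192.0.2.50 - - [10/Jan/2020:03:16:05 +0000] "GET /public/logo..png HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def decode_fully(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '%252e%252e' is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(target):
    """True if the URL path (query string ignored) contains a '..' segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    return ".." in path.split("/")

def find_traversal_requests(log_text):
    """Return one dict per request whose path contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and has_traversal(m["target"]):
            # "served" only means the server answered 2xx, not that data leaked.
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "target": m["target"], "served": m["status"].startswith("2")})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Requests flagged with `served` set to true are the ones to review first, since the server answered them with a 2xx status instead of rejecting them.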

The bug was discovered and reported to Citrix by Mikhail Klyuchnikov, a researcher at UK security firm Positive Technologies. Klyuchnikov said that at the time he found the bug, there were more than 80,000 organizations running vulnerable Citrix instances.

Still no patch almost a month later

On December 17, Citrix released a security advisory for its customers, but the company did not release a patch. Instead, Citrix published a support page detailing mitigations in the form of configuration adjustments.

Almost a month later, Citrix has still not released a patch, despite the bug’s severity and its wide impact.

In the meantime, threat actors have been starting to figure out how to exploit the bug — which many security researchers said was trivial and only required a few lines of code.

Scans have been happening for weeks, but exploitation attempts have also been under way for at least three days, according to various security experts and cyber-security firms who run honeypot servers.

🚨 In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using ../ directory traversal (a variant of this issue). So this is in the wild, active exploitation starting up. 🚨 https://t.co/pDZ2lplSBj

— Kevin Beaumont (@GossiTheDog) January 8, 2020

The bug’s severity and the clear danger to enterprise systems did not go unnoticed. Over the past few weeks, security experts, government officials, government cybersecurity agencies, CERT teams, and about anyone under the sun who understands basic enterprise security have been warning companies to apply the Citrix mitigations to prevent attacks from exploiting vulnerable machines until Citrix finally releases a permanent fix in the form of a patch.

The Citrix RCE is a doozie. Lots of good security architectures appropriately rely on Citrix to reduce the attack surface significantly and now they are at significant risk. Get this patched. https://t.co/7B9d7e7YK7

— Rob Joyce (@RGB_Lights) January 10, 2020

Can’t emphasize enough – please please please do the mitigation steps for the Citrix exploit as soon as possible.

This is going to be a really bad one folks.

Easy to automate and exploit and is widely used across the Internet.

Mitigation here: https://t.co/jeF0UC6A9V

— Dave Kennedy (ReL1K) (@HackingDave) January 11, 2020

Proof-of-concept code broadly available

While attacks have been slowly climbing in intensity over the past few days, the security community believed things wouldn’t get out of hand, as attackers would still need to figure out a way to exploit vulnerable Citrix systems, lacking a public exploit.

This changed yesterday, on Friday night, when a group of security researchers calling themselves Project Zero India released the first proof-of-concept (PoC) exploit code for the CVE-2019-19781 vulnerability.

A few hours later, the team at TrustedSec followed with their own PoC. The TrustedSec team had developed their PoC earlier this week but refused to release it because they were aware that publishing the code on the internet would trigger a spike in exploitation attempts, something they did not want to do.

“We are only disclosing this due to others publishing the exploit code first,” TrustedSec said in a description of their tool on GitHub. “We would have hoped to have had this hidden for a while longer while defenders had appropriate time to patch their systems.”

The security firm hopes that companies will use its tool to test their networks for vulnerable Citrix instances and to check whether they have configured the Citrix mitigation correctly.

They’ve also published a blog post on how to analyze Citrix systems for any possible compromise, just in case some companies have had the unfortunate luck to have already been hacked.

Additional technical write-ups analyzing the Citrix bug: Positive Technologies, MDSec, TrustedSec.


Credit: ZDNet
