Widespread exploitation of Citrix Bleed flaw ongoing
Attacks exploiting the Citrix Bleed vulnerability, tracked as CVE-2023-4966 and affecting Citrix NetScaler ADC and NetScaler Gateway appliances, have been conducted by both state-sponsored threat operations and cybercrime groups, said Cybersecurity and Infrastructure Security Agency Assistant Director for Cybersecurity Eric Goldstein, according to The Record, a news site by cybersecurity firm Recorded Future.
More than 300 organizations have already been alerted regarding Citrix Bleed, which still impacts thousands of entities, said Goldstein.
Meanwhile, an advisory from CISA, the FBI, and Australian cybersecurity officials noted that LockBit 3.0 ransomware exploited the flaw in an attack against Boeing's parts and distribution business earlier this month.
"Through the takeover of legitimate user sessions, malicious actors acquire elevated permissions to harvest credentials, move laterally, and access data and resources," said the agencies, which urged the immediate separation and remediation of vulnerable NetScaler ADC and Gateway instances.
The U.S. has also moved to strengthen efforts to disrupt LockBit, according to a senior FBI official.