1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Citrix servers hacked using zero-day exploit

    From TechnologyDaily@1337:1/100 to All on Wed Aug 16 11:15:03 2023
    Citrix servers hacked using zero-day exploit

    Date:
    Wed, 16 Aug 2023 11:00:58 +0000

    Description:
    Roughly 2,000 servers were compromised using a high-severity flaw.

    FULL STORY ======================================================================

    Roughly 2,000 Citrix NetScaler servers were compromised in what appears to be a large-scale attack against the endpoints. This is according to a new report from cybersecurity researchers Fox-IT, part of NCC Group.

    In its report, Fox-IT says the unnamed threat actor leveraged a high-severity vulnerability first discovered in mid-July to breach the servers. The vulnerability is being tracked as CVE-2023-3519, and holds a severity score
    of 9.8.

    It allows threat actors to run code remotely on Citrix NetScaler ADC and NetScaler Gateway. Even though it was disclosed a month ago, hackers managed to use it as a zero-day. Indicators of compromise

    On the day the report was published (August 14), Fox-IT said 1,828 NetScaler servers were compromised, despite the fact that 1,248 were previously patched against the flaw.

    A patched NetScaler can still contain a backdoor, the researchers explained. It is recommended to perform an Indicator of Compromise check on your NetScalers, regardless of when the patch was applied. Read more

    Citrix urges admins to patch these dangerous flaws immediately


    Hackers are targeting US critical infrastructure using this Citrix
    zero-day


    These are the best malware removal tools around

    Citrix NetScaler is a web application delivery controller (ADC) that speeds
    up apps, reduces web app ownership costs, and ensures higher app
    availability. According to WhiteHat Virtual Technologies , as of 2021 there were over 200,000,000 sites using Citrix NetScalers, including tech giants such as Microsoft, eBay, Weather.com, CNET, and MasterCard.

    Given the fact that even patched servers were still compromised, users are advised to secure forensic data, a SiliconANGLE report states. Fox-ITs researchers recommend users make a forensic copy of both the disk and the memory of the appliance, before deciding on any course of action. In case of
    a Citrix appliance being installed on a hypervisor, users can make a
    snapshot, as well.

    Those that find a web shell in their premises should analyze if it was used, and to what end. Here are the best firewalls to keep your business protected

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/citrix-servers-hacked-using-zero-day-exploit


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)