Thursday , November 26 2020

As attacks begin, Citrix ships patch for VPN vulnerability, Ars Technica

      Knock, knock –


Hundreds of US government agencies have vulnerable VPNs, data shows.


       Jan 41, (5:) (UTC UTC)


The patches are for versions

. 1 and . 0 of the products, formerly marketed under the NetScaler name. Other patches will be available on January 24. These patches follow instructions for temporary fixes the company provided to deflect the crafted requests associated with the vulnerability, which could be used by an attacker to gain access to the networks protected by the VPNs.

Fermin J. Serna, chief information security officer at Citrix, announced the fixes in a blog post on Sunday. At the same time, Serna revealed that the vulnerability — and the patches being released — also applied to Citrix ADC and Citrix Gateway Virtual Appliances hosted on virtual machines on all commercially available virtualization platforms, as well as those hosted in Azure, Amazon Web Services, Google Compute Platform, and Citrix Service Delivery Appliances (SDXs).

Lots to patch

That makes for lots of work over the next few weeks for Citrix customers, which include thousands of government agencies, educational institutions, hospitals , and major corporations worldwide.

As of last week, according to data provided by Bad Packets to Ars Technica, over , 0 servers were still vulnerable to the crafted request. The data, including information on potentially vulnerable government VPN gateways, was shared by Bad Packets with the Cybersecurity and Infrastructure Security Agency. They included a gateway associated with a DOD civilian personnel system, the US Census service, and a number of local law enforcement agencies.

Inevitably, hundreds of Citrix VPN servers will remain vulnerable for weeks or months. Some are already being attacked, according to

reports from FireEye

Many of the exploits thus far have installed low-impact malware, including cryptocurrency mining software. But based on what happened with last year Pulse Secure vulnerability , ransomware operators and other cybercriminals will soon join the hunt.

Meanwhile, a member of the group operating the REvil ransomware campaign recently acknowledged that the group had attacked Travelex


About admin

Check Also

Matheus-Garbelini / esp32_esp8266_attacks, Hacker News

Matheus-Garbelini / esp32_esp8266_attacks, Hacker News

Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588) ESP32/ESP8266 Wi-Fi Attacks This repository is to demonstrate 3 Wi-Fi attacks against the popular ESP32/8266 IoT devices: Zero PMK Installation (CVE-2019-12587) - Hijacking ESP32/ESP8266 clients connected to enterprise networks; ESP32/ESP8266 EAP client crash (CVE-2019-12586) - Crashing ESP devices connected to enterprise networks; ESP8266 Beacon Frame…

Leave a Reply

Your email address will not be published. Required fields are marked *