Subj : Governments around the world are being hacked thanks to Citrix fl To : All From : TechnologyDaily Date : Thu Nov 02 2023 12:15:05 Governments around the world are being hacked thanks to Citrix flaws Date: Thu, 02 Nov 2023 12:00:54 +0000 Description: Someone's using Citrix Bleed to go after government endpoints and steal sensitive data. FULL STORY ====================================================================== Hackers are using the Citrix Bleed vulnerability in the wild to go after endpoints in government institutions, legal organizations, and other firms across the world. This is according to cybersecurity researcher Mandiant, who recently published a report describing at least four currently active campaigns. The campaigns allegedly started in late August this year. The threat actors are using Citrix Bleed, tracked as CVE-2023-4966, to target NetScaler ADC, and NetScaler Gateway appliances. The vulnerability has a 9.4 vulnerability score and is being used to grab personal information such as login credentials, and to allow for lateral movement across the compromised network. Dozens of tools The hackers are also apparently leaving behind very little evidence, making forensics a nightmare.In its analysis, though, Mandiant said it has discovered exploitation attempts and session hijacking via WAF request analysis, Windows Registry correlation, and Memory dump inspection. In late October, Citrix released a patch for the flaw and urged users to apply it, claiming the vulnerability was being abused in the wild. Prior to Citrixs reaction, both Mandiant and CISA warned about the flaw. Mandiant said hackers were probably using it to hijack authentication sessions and steal corporate data since August. CISA, on the other hand, wasnt that specific, saying the vulnerability was unknown but used in ransomware campaigns. In the meantime, someone posted a proof-of-concept on GitHub, called Citrix Bleed. Mandiant says hackers are using a handful of tools in their attacks, including net.exe for Active Directory reconnaissance, netscan.exe for internal network enumeration, 7-zip for compressing and encrypting reconnaissance data, FREEFIRE as a .NET backdoor, and AnyDesk for remote desktop management - to name a few. Not all of the tools are malicious by design, but in the wrong hands, they can cause quite a lot of damage. Via BleepingComputer More from TechRadar Pro Citrix urges users to patch immediately after serious bug discovered Here's a list of the best firewalls today These are the best endpoint protection tools around ====================================================================== Link to news story: https://www.techradar.com/pro/security/governments-around-the-world-are-being- hacked-thanks-to-citrix-flaws --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .