CISA has added three actively exploited vulnerabilities affecting Citrix Session Recording and Git to its KEV catalog, with patches already available for two of the Citrix flaws and a proof-of-concept exploit released for the Git vulnerability. Federal agencies are required to implement mitigations by September 15, 2025.
The US CISA has confirmed that the critical security flaw CVE-2025-5777, dubbed CitrixBleed 2, is actively being exploited to hijack user sessions, with attackers targeting NetScaler devices. Despite Citrix's initial reassurance, security researchers have demonstrated that the vulnerability can bypass multi-factor authentication and access sensitive data, and recent telemetry indicates ongoing exploitation and increased scanning activity. The scope of affected victims remains unclear, and Citrix has not provided further comment.
New security flaws in Citrix Virtual Apps and Desktops could allow unauthenticated remote code execution (RCE) due to misconfigured MSMQ permissions and the use of BinaryFormatter for deserialization. The vulnerabilities, CVE-2024-8068 and CVE-2024-8069, require attackers to be authenticated users within the same Windows Active Directory domain. Citrix has released patches for affected versions, and Microsoft advises against using BinaryFormatter because of its security risks.
CISA has directed U.S. federal agencies to address recently patched Citrix NetScaler and Google Chrome zero-day vulnerabilities, with a focus on fixing a Citrix remote code execution (RCE) bug within a week. Citrix has advised immediate patching of affected appliances, and CISA has mandated specific timelines for patching vulnerable devices within federal agencies. The cybersecurity agency has also urged all organizations, including private companies, to prioritize patching these security flaws.
Citrix, VMware, and Atlassian have all been hit with critical security vulnerabilities, with Citrix warning of two zero-day flaws being actively exploited in the wild in its NetScaler ADC and NetScaler Gateway products, VMware alerting customers of a critical security vulnerability in Aria Automation, and Atlassian releasing patches for over two dozen vulnerabilities, including a critical remote code execution flaw impacting Confluence Data Center and Confluence Server. Users are advised to patch their systems immediately to mitigate the risks.
Citrix has warned customers to immediately patch their NetScaler ADC and Gateway appliances against two actively exploited zero-day vulnerabilities, CVE-2023-6548 and CVE-2023-6549, which can lead to remote code execution and denial-of-service attacks. The vulnerabilities affect the NetScaler management interface in specific product versions. Citrix advises affected customers to install updated versions, separate the management interface from normal network traffic, and avoid exposing it to the internet to reduce the risk of exploitation. Additionally, a previous critical NetScaler flaw, CVE-2023-4966, was also exploited as a zero-day, prompting alerts from organizations such as HHS' Health Sector Cybersecurity Coordination Center urging administrators to secure their NetScaler instances against ransomware attacks.
Xfinity, a subsidiary of Comcast, has experienced a data breach that exposed the personal information of nearly 36 million customers. The breach was caused by a vulnerability in software from Citrix. While Xfinity has not detected any major leaks or attacks on customers, it is urging users to change their usernames and passwords and enable multifactor authentication. Cybersecurity experts recommend monitoring credit scores and bank information, especially for those who reuse the same passwords across multiple accounts. Xfinity has launched an investigation into the breach, and Citrix is facing a class action lawsuit.
Hackers exploited a vulnerability in software from Citrix, a third-party vendor serving Xfinity, potentially compromising the personal information of approximately 36 million customers. Xfinity initially patched the system, but unauthorized access to internal systems occurred between October 16 and October 19, 2023, resulting in the likely acquisition of customer data. Stolen information includes usernames, passwords, names, contact information, the last four digits of social security numbers, dates of birth, and secret questions. Xfinity advises customers to reset their passwords and emphasizes its commitment to protecting customer information. Comcast, Xfinity's parent company, has not commented on the incident, and Citrix has yet to respond to requests for comment.
Comcast has disclosed a significant data breach at Xfinity, potentially impacting around 36 million accounts. The breach was caused by a vulnerability in software provided by Citrix, which exposed usernames, hashed passwords, and, for some customers, personal information such as names, contact details, partial social security numbers, dates of birth, and secret questions and answers. Comcast has patched the vulnerability and required customers to reset their passwords, while urging them to enable two-factor or multi-factor authentication. The company is working with law enforcement and conducting an investigation into the breach.
Comcast disclosed that millions of its customers may have had their data stolen in a hacking incident caused by a vulnerability in software from provider Citrix. The breach occurred between October 16 and October 19, 2023, and unauthorized access to internal systems was discovered in November. The stolen information includes usernames, hashed passwords, and potentially additional personal details. Comcast estimates that over 35 million customers were impacted, but the extent of data taken from each customer is unclear. The company has advised customers to reset their passwords and consider adding multifactor authentication. Large companies, including those in the entertainment industry, face constant cybersecurity threats, and experts suggest that remote work during the pandemic may increase the occurrence of hacks.
Xfinity, the cable communications company, has disclosed a data breach after attackers breached one of its Citrix servers in October. The breach, which exploited a vulnerability known as Citrix Bleed, resulted in the theft of sensitive customer information, including usernames, hashed passwords, and potentially other personal details such as names, contact information, and social security numbers. Xfinity has asked affected users to reset their passwords, although some customers reported receiving password reset requests without explanation. This incident follows a credential stuffing attack on Xfinity accounts a year earlier. The company says that its operations were not impacted and that it has not received any ransom demands.