Citrix Bleed, a critical flaw in Citrix Systems software, is being exploited by government-backed hackers and criminal groups, including the notorious hacking gang LockBit. The attackers are focusing on the thousands of users that have yet to apply a patch the firm released last month.
U.S. Cybersecurity and Infrastructure Security Agency's Eric Goldstein said the agency is assisting the unidentified victims.
Unit 42, the research arm of the cybersecurity firm Palo Alto Networks, said the bug can leak sensitive information, including "session tokens," from a device's memory.
Unit 42 noted that at least 6,000 IP addresses, mainly in the U.S., remained vulnerable as of Nov. 1.
In addition to patching the flaw, Citrix recommended users kill "all active and persistent sessions."
Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA