Spotify reportedly makes users’ private playlists public
In what is shaping up to be a widespread privacy controversy, Spotify has come under scrutiny following allegations by users that the music streaming service made their private playlists public without their consent. […]
The Python Package Index will require developers to better secure their accounts as cyberattacks ramp up, but protecting the software supply chain will take more…
Citrix Warns Admin to Kill Active or Persistent Sessions to Thwart Hackers
As previously reported, CVE-2023-4966 was discovered and published by Citrix. This vulnerability affected Citrix NetScaler Gateway and ADC devices. Following this, AssetNote published a proof-of-concept for this vulnerability named “CitrixBleed.”
However, threat actors were found to be exploiting this vulnerability in the wild by the middle of October, and CISA added it to its Known Exploited Vulnerabilities Catalog.
Recently, it was reported that the LockBit ransomware group is exploiting this vulnerability to target vulnerable Citrix ADCs.
Citrix published a security advisory urging its users to patch this vulnerability and run certain commands to ensure no malicious session is active on the affected devices.
Recommendations from Citrix
Citrix recommended that its users run the following commands after patching vulnerable devices, in order to terminate all active sessions on the device.
To investigate the affected device further, Citrix recommends the following steps.
Look for patterns of suspicious session use in your organization’s monitoring and visibility tools, particularly relating to virtual desktops.
Review the ‘SSLVPN TCPCONNSTAT’ logs for entries that contain mismatching ‘Client_ip’ and ‘Source’ IP addresses.
Remove these core dumps, located in /var/core, after a forensic investigation on the affected instance to avoid filling the partition.
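The log review step above (mismatching ‘Client_ip’ and ‘Source’ in ‘SSLVPN TCPCONNSTAT’ records) can be automated over exported syslog. The following is an added example, not code from Citrix or from the original article; the record layout around the two field names, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# 'Client_ip' and 'Source' are the field names cited in the advisory text.
# The "Key value - Key value" layout around them is an assumption.
FIELD = {k: re.compile(r"\b" + k + r":?\s+(\S+)")
         for k in ("Client_ip", "Source", "SessionId")}

def host(value):
    """Return the IP part of 'addr', 'addr:port' or '[v6]:port'; None if invalid."""
    value = value.strip('"')
    if value.startswith("["):
        value = value[1:].split("]", 1)[0]
    elif value.count(":") == 1:           # IPv4 with a port suffix
        value = value.rsplit(":", 1)[0]
    try:
        return ip_address(value)
    except ValueError:
        return None

def find_mismatches(lines):
    """Return (findings, unparsed_line_numbers) for SSLVPN TCPCONNSTAT records."""
    findings, unparsed = [], []
    for number, line in enumerate(lines, 1):
        if "SSLVPN TCPCONNSTAT" not in line:
            continue
        got = {k: rx.search(line) for k, rx in FIELD.items()}
        client = host(got["Client_ip"].group(1)) if got["Client_ip"] else None
        source = host(got["Source"].group(1)) if got["Source"] else None
        if client is None or source is None:
            unparsed.append(number)        # never silently drop a record
        elif client != source:
            session = got["SessionId"].group(1) if got["SessionId"] else "?"
            findings.append({"line": number, "session": session,
                             "client": str(client), "source": str(source)})
    return findings, unparsed

# Constructed sample records (documentation address ranges), not real device output.
SAMPLE = [
    "Nov 20 10:01:02 ns 0-PPE-0 : default SSLVPN TCPCONNSTAT 101 0 : Context alice@192.0.2.10 - SessionId: 7 - User alice - Client_ip 192.0.2.10 - Source 192.0.2.10:51514 - Destination 10.0.0.8:3389",
    "Nov 20 10:07:45 ns 0-PPE-0 : default SSLVPN TCPCONNSTAT 102 0 : Context alice@192.0.2.10 - SessionId: 7 - User alice - Client_ip 192.0.2.10 - Source 203.0.113.77:40022 - Destination 10.0.0.8:3389",
    "Nov 20 10:08:00 ns 0-PPE-0 : default SSLVPN LOGIN 103 0 : Context bob@198.51.100.4 - SessionId: 9 - User bob - Client_ip 198.51.100.4",
    "Nov 20 10:09:12 ns 0-PPE-0 : default SSLVPN TCPCONNSTAT 104 0 : Context bob@198.51.100.4 - SessionId: 9 - Client_ip garbled - Source 198.51.100.4:1",
]

if __name__ == "__main__":
    hits, skipped = find_mismatches(SAMPLE)
    for h in hits:
        print(f"line {h['line']}: session {h['session']} client {h['client']} != source {h['source']}")
    print("unparsed records:", skipped)
```

A hit is a lead for the session review described above, not proof of a hijacked session; records listed as unparsed should be checked by hand.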
For NetScaler ADM users, Citrix recommends exploring ADM security features such as Security Advisory, Upgrade Advisory, and File Integrity Monitoring to reduce the mean time to patch.
Citrix has released a complete report covering the investigation recommendations and precautionary steps, with detailed information on the steps and their uses.
Citrix NetScaler users are advised to patch vulnerable instances to prevent them from being exploited by threat actors.
US agencies warn organizations to be alert for deepfakes. Current themes in Russian disinformation. Reacting to the strike against Russian naval units in Sevastopol.