Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Explore the latest Citrix security updates, vulnerabilities, and best practices. Stay informed on protecting your Citrix environment with our insights.
Search across headline titles and summaries.
Background for this topic.
Citrix delivers virtualization and remote access platforms that enable users to run applications and desktops hosted on centralized servers. These technologies support remote work by providing virtualized environments accessible from various devices, often serving as gateways to internal corporate networks. Key components include virtual apps, desktops, and networking tools that facilitate secure connections to enterprise resources.
Citrix environments are critical security targets because vulnerabilities can allow attackers to bypass authentication, execute remote code, or escalate privileges, potentially leading to broader network compromise. Security risks increase with misconfigurations or delayed patching of known flaws. Defenders should prioritize timely updates, enforce strong multi-factor authentication, and monitor remote sessions for unusual activity to reduce exposure to exploitation attempts targeting Citrix infrastructure.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Multiple threat actor groups including Lockbit affiliates are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. [...]
LockBit and Nation-State Groups Using Session Tokens to Access Patched DevicesWith experts warning that NetScaler ADC and Gateway devices are being exploited by nation-state and cybercrime groups, the manufacturer has again urged all users to "patch immediately as well as terminate active sessions, which attackers can otherwise use to access devices even post-patch.
LockBit and Nation-State Groups Using Session Tokens to Access Patched DevicesWith experts warning that NetScaler ADC and Gateway devices are being exploited by nation-state and cybercrime groups, the manufacturer has again urged all users to "patch immediately as well as terminate active sessions, which attackers can otherwise use to access devices even post-patch.