November 2, 2023
Citrix Bleed (CVE-2023-4966) - Quick update on a serious vulnerability - WST
Citrix NetScaler ADC and NetScaler Gateway products have been in the news recently because of a critical information disclosure vulnerability; Citrix disclosed the issue and released a patch for the flaw on October 10. Note that even if your team patched and rebooted these systems, attackers may already have stolen session tokens before the patch was applied, and those tokens remain valid even after the update. If additional steps weren't performed to kill existing sessions, these tokens can still be used to access your network, even on a fully patched system, and ransomware groups are actively exploiting this. For more details, see the "Recommended next steps" at https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/ .
Authored by: David Matt, CISSP, CEH
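As an added illustration (not code from this post or from Citrix), the sketch below triages session records to find sessions issued before the patch was applied, which stay valid until they are explicitly killed. The records, field layout, and patch time are constructed for the example and do not follow any NetScaler log format; the client-IP comparison is an added heuristic.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data: (session_id, client_ip, event_time_utc).
# Hypothetical fields and values, not a real NetScaler log format.
EVENTS = [
    ("sess-A", "198.51.100.10", "2023-10-09T14:00:00"),
    ("sess-A", "198.51.100.10", "2023-10-12T09:30:00"),
    ("sess-B", "198.51.100.22", "2023-10-08T08:15:00"),
    ("sess-B", "203.0.113.77", "2023-10-13T02:41:00"),
    ("sess-C", "198.51.100.31", "2023-10-12T10:05:00"),
    ("sess-D", "198.51.100.40", "2023-10-07T11:00:00"),
]


def _ts(value):
    """Parse an ISO-8601 timestamp and treat it as UTC."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def triage(events, patched_at):
    """Return {session_id: [reasons]} for sessions that predate the patch."""
    patched = _ts(patched_at)
    by_session = defaultdict(list)
    for sid, ip, when in events:
        by_session[sid].append((_ts(when), ip))

    findings = {}
    for sid, seen in by_session.items():
        seen.sort()
        if seen[0][0] >= patched:
            continue  # first seen after patching: issued by the fixed build
        # Patching alone does not invalidate this token; it must be killed.
        reasons = ["issued before patch"]
        before_ips = {ip for t, ip in seen if t < patched}
        after = [(t, ip) for t, ip in seen if t >= patched]
        if after:
            reasons.append("used after patch")
        # Added heuristic: same session continuing from a new address.
        for ip in sorted({ip for _, ip in after} - before_ips):
            reasons.append(f"new client IP after patch: {ip}")
        findings[sid] = reasons
    return findings


if __name__ == "__main__":
    # Patch time is an assumed value for this constructed data set.
    for sid, why in sorted(triage(EVENTS, "2023-10-11T00:00:00").items()):
        print(sid, "->", "; ".join(why))
```

Every session the function returns should be terminated, whether or not it shows post-patch activity.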