November 9, 2023 at 09:09AM A malvertising campaign is targeting users searching for CPU-Z by serving malicious ads that redirect them to a fake Windows news portal. The campaign also cloaks itself by showing innocuous content to those not targeted. The rogue website contains a malicious script that deploys RedLine Stealer. Similar deceptive Google Ads … Read more
October 24, 2023 at 05:04PM Citrix has issued an urgent fix for a critical information disclosure bug, CVE-2023-4966, affecting NetScaler ADC and NetScaler Gateway, revealing that the exploit has been actively used. GitHub now hosts a proof-of-concept exploit named Citrix Bleed. Organizations using affected builds should assume they have been compromised, apply the update, and … Read more
October 23, 2023 at 02:22PM Citrix warns admins to immediately secure NetScaler ADC and Gateway appliances against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The vulnerability allows unauthenticated attackers to remotely exploit systems without user interaction. Mandiant reported that threat actors have been using this zero-day vulnerability to steal authentication sessions and hijack accounts since late … Read more
October 18, 2023 at 09:15AM Citrix has issued a warning about a critical security flaw in its NetScaler ADC and Gateway appliances, known as CVE-2023-4966. The vulnerability could expose sensitive information and requires devices to be configured as a Gateway or AAA virtual server for exploitation to occur. Patches were released on October 10, 2023, … Read more
October 18, 2023 at 07:00AM A critical vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway has been exploited as a zero-day since August, according to Google’s Mandiant cybersecurity unit. The flaw allows attackers to leak sensitive information without authentication. Citrix released patches on October 10 and updated their advisory to warn customers of the observed … Read more
October 11, 2023 at 10:07AM Citrix has released patches for a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The vulnerability, CVE-2023-4966, could lead to sensitive information disclosure and can be exploited without authentication. Citrix advises customers to upgrade their appliances to the supported versions. The company has also addressed a denial-of-service … Read more
October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information … Read more
October 10, 2023 at 11:55AM Citrix NetScaler ADC and NetScaler Gateway are affected by two vulnerabilities, CVE-2023-4966 and CVE-2023-4967. The first flaw allows for the disclosure of sensitive information, while the second can lead to denial of service. Upgrading to the recommended fixed versions is advised. Version 12.1 has reached end-of-life and no longer receives … Read more