
The scope of the Citrix Bleed vulnerability is likely larger than thought. New insight suggests that the vulnerability was exploited well before it was discovered and fixed in October this year. That is what CISA told Bloomberg.

According to Bloomberg, a representative of U.S. cybersecurity regulator CISA recently stated that the scope of the infamous Citrix Bleed vulnerability may be larger than previously thought.

Citrix disclosed the vulnerability on Oct. 10 and produced a patch for it. Through the Citrix Bleed vulnerability, hackers can penetrate an affected system and steal sensitive data from its memory.

This data includes “session tokens” that can identify and authorize users of a particular website or service without providing a password.

Misuse earlier than indicated

Although Citrix indicated that the vulnerability had not been exploited at that time, several security specialists discovered that it had been exploited since August 2023, and the attacks continue. This is now confirmed by CISA.

Although Citrix called on its customers to patch quickly, this did not have immediate results. Many security companies continued to discover thousands of Internet-accessible and, therefore, vulnerable Citrix applications on which the patch had not yet been implemented. Moreover, other steps need to be taken in addition to the patch.

LockBit 3.0 abuses Citrix Bleed

The attackers may also include many well-known ransomware gangs. LockBit 3.0 in particular is suspected of exploiting the Citrix vulnerability in a big way. This ransomware gang is said to target financial institutions in particular, according to industry association FS-ISAC.

The recent ransomware attack on Boeing may also have been a result of the Citrix Bleed vulnerability. The regulator CISA is now actively investigating whether this vulnerability played a role in certain recent hacks and, if so, since when.

Citrix is not commenting on Bloomberg’s reporting.
