Security
Headlines
HeadlinesLatestCVEs

Headline

Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw

Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.

DARKReading
#vulnerability#intel#auth

Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild.

The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32.

“Both must be configured with an SAML SP or IdP configuration to be affected,” Citrix noted in its security update.

The National Security Agency (NSA) issued its own warning that the China-linked APT5 threat group has been actively targeting Citrix ADCs to bypass authentication controls to breach organizations. It also provided threat hunting guidance for security teams, and asked for intelligence sharing among the public and private sectors.

“The indicators and context from this analysis can be used by organizations for defensive purposes against this malicious activity,” the NSA announced. “NSA requests that any additional insights and/or discoveries be shared with the NSA Cybersecurity Collaboration Center in order to enhance understanding of this activity and so that it can be used to improve the overall security posture of the Defense Industrial Base, DoD, and USG.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related news

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510

Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and

DARKReading: Latest News

Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel