1000 results for “neoscaler”
-
Citrix have a blog out about hunting for #CitrixBleed2
It's what was in my earlier blog - look for invalid characters in the username field and duplicate sessions with different IPs
-
GreyNoise blog just out about #CitrixBleed2, they see exploitation from IPs in China from June 23rd targeting specifically Netscaler appliances https://www.greynoise.io/blog/exploitation-citrixbleed-2-cve-2025-5777-before-public-poc
-
"⚠️ #Updated: Citrix CVE-2023-3519 Exploitation - Webshells Implanted! ⚠️"
Initial Release Date: July 20, 2023
The CISA has updated the alarm on CVE-2023-3519, a severe RCE vulnerability in NetScaler (Citrix) ADC & Gateway. In June 2023, threat actors exploited this as a zero-day, compromising a critical infrastructure organization. They planted a webshell, enabling AD reconnaissance & data exfiltration. Thankfully, network-segmentation controls halted their lateral movement. Citrix has since released a patch. Stay vigilant!
Summary:
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding the exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. Threat actors exploited this vulnerability as a zero-day in June 2023, compromising a critical infrastructure organization's non-production environment NetScaler ADC appliance. The attackers planted a webshell, enabling them to perform Active Directory (AD) reconnaissance and data exfiltration. Although they attempted lateral movement to a domain controller, network-segmentation controls prevented their progress. Citrix released a patch on July 18, 2023.
Technical Details:
- CVE-2023-3519: This unauthenticated RCE vulnerability impacts various versions of NetScaler ADC and NetScaler Gateway. The affected appliance must be configured as a Gateway or for authentication, authorization, and auditing (AAA) to be exploited.
Threat Actor Activity (Victim 1):
- Initial exploit chain involved uploading a TGZ file containing a webshell, discovery script, and setuid binary.
- The webshell was used for AD enumeration and data exfiltration.
- NetScaler configuration files and decryption keys were accessed.
- Actors queried AD data and encrypted discovery data for exfiltration.
- Attempts to move laterally and delete artifacts were blocked by network-segmentation controls.
Update September 6, 2023: Victim 2:
- Actors uploaded a PHP webshell, gained root access, and conducted AD queries.
- Exfiltrated data and deleted files and logs.
- Used compromised pfSense devices for command and control (C2).
Additional Observed Activity:
- Actors leveraged open source webshells and tools for various purposes, including exfiltration, persistence, and tampering with monitoring tools.
- Modified open-source tools to capture and exfiltrate credentials.
- Deployed tunnellers for encrypted reverse TCP/TLS connections.
- Employed Sysinternals ADExplorer for AD reconnaissance.
Update September 6, 2023:
The advisory was updated with additional techniques, including infrastructure compromise, tool acquisition, scripting interpreter usage, autostart execution, multi-hop proxying, file deobfuscation, permissions modification, defense impairment, indicator removal, masquerading, data staging, and protocol tunneling.
Organizations are urged to apply the provided patches by Citrix and implement the detection guidance to identify potential system compromises. Incident response recommendations are included in the advisory for confirmed compromises, while vigilant monitoring and security measures are advised to prevent further exploitation.
Source: CISA Advisory - AA23-201A
Tags: #Cybersecurity #Citrix #CVE20233519 #NetScaler #ZeroDay #Webshell #DataExfiltration #PatchNow #StaySafe
-
🚨 CVE-2025-6543 exploited in the Netherlands 🚨
NCSC warns Citrix NetScaler zero-day (memory overflow) breached critical orgs since May 2025.
Remote code execution
Wiped logs to hide attacks
Public Prosecution Service impacted
Patch → 14.1-47.46+ / 13.1-59.19+
-
A critical Citrix flaw is leaving Dutch organizations wide open—hackers exploited a zero-day before patches were ready, paving the way for remote control of unpatched systems. Are your defenses up?
#citrixnetscaler
#cve20256543
#cybersecurity
#netherlands
#zeroday
-
Citrix's NetScaler is under fire—a memory overflow flaw (CVE-2025-6543) lets attackers trigger DoS without any authentication. Are your systems patched and ready for this critical threat?
-
🔵 THREAT INTELLIGENCE
Critical Citrix NetScaler memory flaw actively exploited in attacks
Vulnerability | CRITICAL
CVEs: CVE-2026-3055
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to...
Full analysis:
https://www.yazoul.net/news/news/critical-citrix-netscaler-memory-flaw-actively-exploited-in-attacks
-
POC for CVE-2023-4966 - Info disclosure in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966
Related blog post: https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
#pentesting #redteam #hacking #CVE_2023_4966 #CVE_2023_4966 #CVE20234966
-
Citrix: how a protocol from the '90s became part of infrastructure you can't give up
There are technologies that people choose. And there are those you can no longer give up. Citrix is in the second category. It did not win in reviews or capture the market with aggressive marketing. It grew into corporate infrastructure over years: quietly, deeply and, as many IT directors feel, irreversibly. A bank with fifty thousand employees discusses remote access, and the discussion starts with Citrix. A pharmaceutical company builds a system for clinical trials in twenty countries, and the architect draws a diagram with Citrix at the center. A government agency requires that data not leave the perimeter while access is available from anywhere: Citrix again. This is not fanaticism. It is the result of thirty-five years of work on a problem that has no simple alternative solution: giving a person a full-fledged workplace without handing them the data.
https://habr.com/ru/articles/1013870/
#Citrix #VDI #HDX #ICA #desktop_virtualization #import_substitution #NetScaler #Remote_Desktop #Citrix_DaaS #VDI_in_Russia
-
“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard
A vulnerability that allows att... - https://arstechnica.com/?p=1979860 #netscalerapplicationdeliverycontroller #netscalergateway #vulnerability #security #biz #citrix
-
In focus at RVD: trending vulnerabilities of August
Hello, Habr! This is the team of engineer-analysts from the instrumental security analysis department at R-Vision. We have prepared a fresh digest of trending vulnerabilities discovered in August 2025. It collects the most dangerous vulnerabilities that are already being actively exploited in attacks and whose remediation should be a priority.
https://habr.com/ru/companies/rvision/articles/943020/
#vulnerabilities #information_security #cybersecurity #vulnerability_management #exploitation_of_vulnerabilities #security_update #winrar #citrix_netscaler
-
📢 NCSC NL alert: critical Citrix NetScaler flaw (CVE-2025-6543) exploited against critical organizations
📝 Source: BleepingCompu...
📖 cyberveille: https://cyberveille.ch/posts/2025-08-11-alerte-ncsc-nl-faille-critique-citrix-netscaler-cve-2025-6543-exploitee-contre-des-organisations-critiques/
🌐 source: https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
#CVE_2025_6543 #Citrix_NetScaler #Cyberveille
-
#Today one of my colleagues drew my attention to this article, and to be honest I do love the reporting style. Memes and writing like this?
"The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence."
"China go brrr"
At least it's not dry :awesome:
https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f
#security #datasecurity #infosec #citrix #netscaler #citrix_netscaler #incident #exploit #meme #report
-
❗️#CERTWarning❗️
A #vulnerability in #Citrix NetScaler ADC and Gateway (CVE-2023-4966) is being actively exploited. Remote attackers can obtain sensitive information such as credentials without authentication. #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-275276-1032
-
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
#CVE_2026_3055
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/