home.social

#citrixbleed — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #citrixbleed, aggregated by home.social.

  1. #Citrix Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of #CitrixBleed!

    Defenders need to act quickly. Patch Now!
    👇
    thehackernews.com/2026/03/citr

  2. Perhaps the EU should only allow Tailscale-like VPNs for remote connectivity... #citrixbleed

  3. Critical #CitrixBleed 2 #vulnerability has been under active #exploit for weeks

    A critical vulnerability allowing #hackers to bypass #multifactor #authentication in network management devices made by #Citrix has been actively #exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild #exploitation.
    #security #privacy

    arstechnica.com/security/2025/

  4. #MOVEit, #Capita, #CitrixBleed and more: The biggest #data #breaches of #2023

    Hackers had a busy year exploiting popular file-transfer tools and targeting under-resourced organizations

    techcrunch.com/2023/12/27/move

  5. The Church of Sweden (Svenska Kyrkan) was ransomwared on the 23rd of November. This is now being attributed to BlackCat.

    Here's a #Citrixbleed vulnerable server serving a wildcard cert for *.svenskakyrkan.se, last scanned by Shodan on the 23rd. Probably not related at all

  6. #Comcast Xfinity data breach affects over 35 million people

    A #CitrixBleed fatality.

    Data accessed includes customer usernames and hashed* passwords. Xfinity is forcing password changes next time you sign into an account.

    In some cases data accessed may include:

    - Last 4 of SSN
    - DOBs
    - Secret Questions / Answers exposed

    #cybersecurity #security #infosec #xfinity

    theverge.com/2023/12/18/240070

  7. Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price - arstechnica.com/?p=1992160 #networkbreach #citrixbleed #security #comcast #xfinity #biz&it

  8. #Comcast has disclosed a #CitrixBleed-related data breach which affected 35 million #Xfinity customers. The impacted info included names, contact information, last four digits of social security numbers, dates of birth and secret questions and answers.

    @GossiTheDog

    apps.web.maine.gov/online/aevi

  9. CTS, a cloud provider for legal firms in the UK, who were late patching #CitrixBleed, have appeared on Cactus ransomware's portal today.

    They're offering downloads of CTS customer data. #threatintel

  10. Two days left to patch those Netscalers against #Citrixbleed before you're on change freeze for a month!

  11. Great take on HHS's #CitrixBleed alert in a recent edition of SANS NewsBites.

  12. On 28 November 2023 there was unwanted remote access to #KlinikumEsslingen. According to reports, an unknown person exploited a security vulnerability (#Sicherheitslücke) in #Citrix and briefly gained access to the hospital's IT infrastructure.

    netzsicherheit.info/02/12/2023

    #CitrixBleed #Esslingen

  13. 🚨 A critical flaw named Citrix Bleed (CVE-2023-4966) affects Citrix NetScaler systems, allowing the hijacking of authenticated sessions and the bypass of multi-factor authentication. Several large companies, including Boeing and Allen & Overy, have been targeted by cyberattacks exploiting this vulnerability, with suspicions of cyber-espionage and criminal actions by groups such as LockBit 3.0. 🛡️ It is urgent to check and secure Citrix systems to guard against these threats, which remain active. #CyberSécurité #CitrixBleed #CVE2023-4966
    lemagit.fr/actualites/36655955

  14. After Industrial and Commercial Bank of China ransomware attack, U.S. Treasury trades settled by bike messengers with flash drives.

    #ICBC Financial Services confirmed it suffered a #ransomware attack. The Russian #LockBit scrotes have been fingered as perps (or possibly a RaaS customer of theirs).

    #CitrixBleed (CVE-2023-4966) might have been the vector. In today’s #SBBlogwatch, we check everything’s patched. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2023/11/

  15. Had a very interesting vuln disclosure experience today. I found a pre-auth RCE in F5-BIGIP admin panels (yes...the same one that's had RCE issues for years - there's more) with my coworker Thomas Hendrickson.

    We went to report to F5 at the beginning of the month and had some back and forth with them over the disclosure timeline. We're not in a rush, we figured it would take a month or two to disclose, but they wanted to publish it in February 2024. That's a long time to wait for a pre-auth RCE bug, so we asked for it to be sooner, but with 48 hours notice so we could coordinate with our customers appropriately. They said they were fine with that.

    Then last night at 8PM ET, we get an email that they're dropping the advisory + hotfix in 16 hours. We asked why and were told "we believe this vulnerability is now known outside of F5 and Praetorian thus forcing our hands at an immediate disclosure". The advisory was published a few hours ago - my.f5.com/manage/s/article/K00. No patch, but there's a hotfix you can run on some versions of F5s. A few versions have been marked as "will not fix", so this is a permanent way to pop them.

    Simultaneously, a blog post that we referenced heavily for AJP Request Smuggling disappeared off the internet (the author locked every post they'd made since 2016). The posts were live 10 days or so ago.

    It's likely all a huge coincidence - but regardless, if you want to read about a bug-chain to pop internet exposed F5 Management Panels or learn about AJP Request Smuggling, take a look over at praetorian.com/blog/refresh-co.

    Once the patch has had a little bit of time to be applied, we'll drop the rest of the technical information about the bug.

    If anyone here is aware of this being exploited in the wild, I'd love to hear about it. Tagging a few folks who are a bit more in the know (apologies if this is spammy, but I'm curious).

    On the IoC side it's a bit tricky because the bug relies on abusing a bug in Apache, so I have no idea what it actually looks like in the logs. The raw request will have "Transfer-Encoding: <a valid value>, chunked" as one of the headers. For example "Transfer-Encoding: gzip, chunked" or "Transfer-Encoding: chunked, chunked".

    I know it's no #citrixbleed, but this is a pretty bad bug if you're one of the thousands of orgs that still has an F5 config panel on the internet.

    @GossiTheDog
    @greynoise

    #f5 #rce #vr #requestSmuggling #ajp #disclosure

  16. "🚨 #CitrixBleed Exploit Unleashed! Hackers Hijack NetScaler Accounts 🚨"

    A new proof-of-concept (PoC) exploit for the 'Citrix Bleed' vulnerability (CVE-2023-4966) has emerged, enabling attackers to snatch authentication session cookies from susceptible Citrix NetScaler ADC and NetScaler Gateway appliances. This critical-severity flaw, which Citrix addressed on October 10, was exploited as a zero-day in limited attacks since late August 2023. Assetnote researchers have now shared an in-depth analysis of the exploitation method and even released a PoC exploit on GitHub. The vulnerability stems from an unauthenticated buffer-related issue, which, when exploited, can lead to buffer over-reads. By leveraging this flaw, attackers can retrieve session cookies, granting them unrestricted access to vulnerable devices. Given the public availability of this exploit, there's an anticipated surge in attacks targeting Citrix Netscaler devices. System admins are strongly urged to apply patches immediately.

    Source: BleepingComputer

    Tags: #Cybersecurity #Citrix #NetScaler #CVE2023 #Exploit #PoC #Assetnote #Vulnerability #InfoSec

    Author: Bill Toulas
