US Health Dept urges hospitals to patch critical Citrix Bleed bug

The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
Ransomware gangs are already using Citrix Bleed to breach their targets' networks by circumventing login requirements and multifactor authentication protections.
HHS' security team, the Health Sector Cybersecurity Coordination Center, issued a sector alert on Thursday urging all U.S. healthcare organizations to secure vulnerable NetScaler ADC and NetScaler Gateway devices against ransomware gangs' attacks.
"The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health sector. This alert contains information on attack detection and mitigation of the vulnerability," HC3 warned.
"HC3 strongly encourages users and administrators to review these recommended actions and upgrade their devices to prevent serious damage to the HPH sector."
Citrix issued two warnings asking admins to immediately patch their appliances.
It also reminded admins to kill all active and persistent sessions to prevent attackers from stealing authentication tokens even after installing the security updates.
Recently, CISA and the FBI also cautioned about the LockBit ransomware gang joining the attacks.
One of their victims, aerospace giant Boeing, shared details on how a LockBit affiliate breached its network in October using a Citrix Bleed exploit.
Cybersecurity expert Kevin Beaumont has been tracking and analyzing cyberattacks against various victims worldwide, including Boeing, the Industrial and Commercial Bank of China, DP World, and Allen & Overy, and found they were all likely breached using Citrix Bleed exploits.
Beaumont revealed on Friday that a U.S.-based managed service provider suffered a ransomware attack by a group exploiting a Citrix Bleed vulnerability over a week ago.
The MSP is still working to secure its vulnerable Netscaler appliances, which could potentially expose its clients' networks and data to further attacks.
Citrix patched the flaw in early October, but Mandiant later revealed that it has been under active exploitation as a zero-day since at least late August 2023.
On October 25, external attack surface management company AssetNote released a CVE-2023-4966 proof-of-concept exploit showing how session tokens can be stolen from unpatched Citrix appliances.
In mid-November, Japanese threat researcher Yutaka Sejiyama told BleepingComputer that over 10,000 Citrix servers were still vulnerable to Citrix Bleed attacks, more than one month after the critical flaw was patched.
"This urgent warning by HC3 signifies the seriousness to the Citrix Bleed vulnerability and the urgent need to deploy the existing Citrix patches and upgrades to secure our systems," said John Riggi, a cybersecurity and risk advisor for the American Hospital Association, a healthcare industry trade group that represents 5,000 hospitals and healthcare providers across the U.S. "This situation also demonstrates the aggressiveness by which foreign ransomware gangs, primarily Russian-speaking groups, continue to target hospitals and health systems. Ransomware attacks disrupt and delay health care delivery, placing patient lives in danger."
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately.
Citrix warns admins to kill NetScaler user sessions to block hackers.
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide.
Citrix Bleed exploit lets hackers hijack NetScaler accounts.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 02 Dec 2023 16:50:18 +0000


Cyber News related to US Health Dept urges hospitals to patch critical Citrix Bleed bug

US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
1 year ago Bleepingcomputer.com
CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
7 years ago
HHS warns of 'Citrix Bleed' attacks after hospital outages - The U.S. Department of Health and Human Services is warning hospitals and healthcare facilities across the country to patch a vulnerability known as "Citrix Bleed" that is being used in attacks by ransomware gangs. For weeks, cybersecurity experts ...
1 year ago Therecord.media
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
1 year ago Bleepingcomputer.com
US Health Dept Urges Hospitals to Patch Critical 'Citrix Bleed' Vulnerability - This week, the US Department of Health and Human Services has warned hospitals of the critical 'Citrix Bleed' Netscaler vulnerability that has been exploited by threat actors in cyberattacks. On Thursday, the department's security team, Health Sector ...
11 months ago Cysecurity.news
Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
1 year ago Bleepingcomputer.com
Capital Health Hospitals hit by cyberattack causing IT outages - Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. The healthcare system manages two hospitals, an outpatient facility in ...
1 year ago Bleepingcomputer.com
Hospitals Must Treat Patient Data and Health With Equal Care - COMMENTARY. Hospitals are in the crosshairs: As collectors of some of the most personal and sensitive data available, hospitals are a prime target for hackers and cyberattacks. Patient data needs to be treated with as much care and sensitivity as the ...
10 months ago Darkreading.com
The Technology That's Remaking OU Health into a Top-Tier Medical Center - This, along with our desire to replace our electronic health record and revenue cycle system, contributed to OU Health's decision to completely overhaul our IT infrastructure in support of our long-term organizational needs. OU Health strives to ...
11 months ago Feedpress.me
Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches. ...
9 months ago Securityweek.com
Randolph Health Announces Data Breach Stemming from Breached Employee Email Account - On April 10, 2024, American Healthcare Systems LLC d/b/a Randolph Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed a Randolph ...
7 months ago Jdsupra.com
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
1 year ago Bleepingcomputer.com
AHA, Federals Urge Healthcare Ogranizations to Minimize Citrix Bleed Vulnerability - The alert from the Department of Health and Human Services Health Sector Cybersecurity Coordination Center on Nov. 30 and the AHA warning on Friday come amid an outbreak of ransomware attacks alleged to involve Citrix Bleed exploitation that has hit ...
11 months ago Cysecurity.news
Two more Citrix NetScaler bugs exploited in the wild The Register - Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. CVE-2023-6548 could allow remote code execution in the appliances' management interface. It ...
10 months ago Go.theregister.com
Tri-City Medical Center in Oceanside hit by cybersecurity attack - Tri-City Medical Center is diverting ambulance traffic to other hospitals Thursday as it copes with a cybersecurity attack that has forced it to declare "An internal disaster" as workers scramble to contain the damage and protect patient records. The ...
1 year ago Sandiegouniontribune.com
Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
1 year ago Bleepingcomputer.com
New Jersey, Pennsylvania hospitals affected by cyberattacks - Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday. This week, Capital Health said it is experiencing network ...
1 year ago Therecord.media
SW Ontario hospitals confirm patient data compromised in cyberattack - As the fallout from last week's cyberattack against five southwestern Ontario hospitals continues to spread, the organizations confirmed Tuesday that patient information was stolen and they now fear the blackmailers might publish it online. TransForm ...
1 year ago Windsorstar.com
Feds cough up 'voluntary' cybersecurity goals for hospitals The Register - Plus, you're going to be in for a world of hurt when new regulations - which will very likely mirror these voluntary practices - take effect, according to Taylor Lehmann, a director in Google Cloud's Office of the Chief Information Security Officer. ...
9 months ago Go.theregister.com
Hospitals ask courts to force cloud storage firm to return stolen data - Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack and now stored on the servers of a Boston cloud storage company. Carthage Area Hospital and Claxton-Hepburn Medical Center have ...
11 months ago Bleepingcomputer.com
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
9 months ago Darkreading.com
Swinfen Charitable Trust, UVA Health, Telemedicine AI, and MITRE Collaborate on Secure Global Health Telemedicine - PRESS RELEASE. McLean, Va., and Bedford, Mass., December 14, 2023 - To further support access to global health services, the Swinfen Charitable Trust, UVA Health, Telemedicine AI, and MITRE announced a new collaboration to enable medical cyber ...
11 months ago Darkreading.com
HHS to Investigate Change's Security in Wake of Crippling Cyberattack - The U.S. Department of Health and Human Services is opening an investigation into UnitedHealth and its Change Healthcare subsidiary following a ransomware attack that for three weeks has essentially shut down payments to health care providers and ...
8 months ago Securityboulevard.com
3CX warns customers to disable SQL database integrations - VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. Although the security advisory released today lacks any specific information ...
11 months ago Bleepingcomputer.com
1 million Corewell Health patients could be impacted by second data breach - GRAND RAPIDS, MI - About one million Corewell Health patients in southeast Michigan may have had their personal and medical information exposed in yet another nationwide data breach. Michigan Attorney General Dana Nessel on Tuesday, Dec. 26, ...
11 months ago Mlive.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)