US Health Dept Urges Hospitals to Patch Critical 'Citrix Bleed' Vulnerability

This week, the US Department of Health and Human Services warned hospitals about the critical 'Citrix Bleed' NetScaler vulnerability, which threat actors have exploited in cyberattacks.
On Thursday, the department's security team, the Health Sector Cybersecurity Coordination Center, issued an alert urging all U.S. healthcare businesses to protect their NetScaler ADC and NetScaler Gateway equipment against intrusions by ransomware gangs.
Prior to that warning, Citrix had already issued two warnings urging admins to patch their appliances as a priority.
It also urged administrators to terminate all open and persistent sessions, in order to stop hackers from obtaining authentication tokens even after the security upgrades have been installed.

Thousands of Servers Exposed, Many Already Breached

Cybersecurity professional Kevin Beaumont has been monitoring and analyzing cyberattacks against a variety of targets around the globe, such as Boeing, DP World, Allen & Overy, and the Industrial and Commercial Bank of China, and he discovered that these targets were probably all compromised through the use of Citrix Bleed exploits.
On Friday, Beaumont revealed that a U.S.-based managed service provider experienced a ransomware attack by a threat group that had exploited the Citrix Bleed vulnerability a week earlier.
The MSP continues to work on securing its susceptible NetScaler appliances, which may leave its clients' networks and data open to additional intrusions.
The vulnerability was fixed by Citrix in early October, but Mandiant subsequently discovered that it had been actively exploited as a zero-day since at least late August of 2023.
On October 25, AssetNote, an external attack surface management company, released a CVE-2023-4966 proof-of-concept exploit explaining how cybercriminals can access session tokens from Citrix appliances that have not been patched.
According to Japan-based threat researcher Yutaka Sejiyama, over 10,000 Citrix servers, many of which belonged to important organizations globally, were still susceptible to Citrix Bleed attacks more than a month after the critical flaw was patched.
Ransomware attacks interrupt and delay health care delivery, placing patient lives in danger.


This Cyber News was published on www.cysecurity.news. Publication date: Wed, 06 Dec 2023 15:43:05 +0000

