citrix 1
A critical remote code execution (RCE) vulnerability identified as CVE-2023-3519 has been the subject of several attacks, which have already compromised and backdoored hundreds of Citrix Netscaler ADC and Gateway servers.
Attackers used web shells on at least 640 Citrix servers in these attacks, according to security experts from the Shadowserver Foundation, a nonprofit organization focused on advancing internet security.
Previously, the vulnerability was used as a zero-day attack on the network of a critical infrastructure organization in the United States.
“We can say it’s fairly standard China Chopper, but we do not want to disclose more under the circumstances.
I can say the amount we detect is much lower than the amount we believe to be out there, unfortunately,” Shadowserver CEO Piotr Kijewski said.
”We report on compromised appliances with webshells in your network (640 for 2023-07-30).
We are aware of widespread exploitation happening July 20th already,” Shadowserver said on their public mailing list.
“If you did not patch by then please assume compromise. We believe the actual amount of CVE-2023-3519 related web shells to be much higher than 640.”
Around 15,000 Citrix appliances were CVE-2023-3519 attack-vulnerable as of around two weeks ago.
Introduction La cybersécurité est devenue une priorité stratégique pour toutes les entreprises, grandes ou petites.…
Cybersécurité : les établissements de santé renforcent leur défense grâce aux exercices de crise Face…
La transformation numérique du secteur financier n'a pas que du bon : elle augmente aussi…
L'IA : opportunité ou menace ? Les DSI de la finance s'interrogent Alors que l'intelligence…
Telegram envisage de quitter la France : le chiffrement de bout en bout au cœur…
Sécurité des identités : un pilier essentiel pour la conformité au règlement DORA dans le…
This website uses cookies.