citrix 1
A critical remote code execution (RCE) vulnerability identified as CVE-2023-3519 has been the subject of several attacks, which have already compromised and backdoored hundreds of Citrix Netscaler ADC and Gateway servers.
Attackers used web shells on at least 640 Citrix servers in these attacks, according to security experts from the Shadowserver Foundation, a nonprofit organization focused on advancing internet security.
Previously, the vulnerability was used as a zero-day attack on the network of a critical infrastructure organization in the United States.
“We can say it’s fairly standard China Chopper, but we do not want to disclose more under the circumstances.
I can say the amount we detect is much lower than the amount we believe to be out there, unfortunately,” Shadowserver CEO Piotr Kijewski said.
”We report on compromised appliances with webshells in your network (640 for 2023-07-30).
We are aware of widespread exploitation happening July 20th already,” Shadowserver said on their public mailing list.
“If you did not patch by then please assume compromise. We believe the actual amount of CVE-2023-3519 related web shells to be much higher than 640.”
Around 15,000 Citrix appliances were CVE-2023-3519 attack-vulnerable as of around two weeks ago.
Le règlement DORA : un tournant majeur pour la cybersécurité des institutions financières Le 17…
L’Agence nationale de la sécurité des systèmes d'information (ANSSI) a publié un rapport sur les…
Directive NIS 2 : Comprendre les nouvelles obligations en cybersécurité pour les entreprises européennes La…
Alors que la directive européenne NIS 2 s’apprête à transformer en profondeur la gouvernance de…
L'intelligence artificielle (IA) révolutionne le paysage de la cybersécurité, mais pas toujours dans le bon…
Des chercheurs en cybersécurité ont détecté une intensification des activités du groupe APT36, affilié au…
This website uses cookies.