On November 21st, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released an advisory highlighting the ongoing exploit of the Citrix Bleed Vulnerability (CVE-2023-4966) by Lockbit 3.0 affiliates.
Critical zero-day Citrix CVE-2023-3519 is still being exploited two months after Citrix released a patch. IONIX research found that 19% of the CVE-2023-3519 vulnerabilities are still unmitigated in comparison to only 3% among IONIX customers. In addition, IONIX customers were able to resolve this critical risk three times faster.
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools.
CurrentWare’s suite of user activity monitoring, web filtering, device control, and remote PC power management software has been verified as Citrix Ready®. The Citrix Ready program helps users of Citrix Virtual Apps and Desktops (formerly Citrix XenApp and XenDesktop) identify third-party solutions that are verified as compatible with a Citrix VDI deployment.