"Any application on any device from any location"
A critical vulnerability found in Citrix Application Delivery Controller and Citrix Gateway (formerly known as Netscaler ADC and Netscaler Gateway) means businesses with apps published using these technologies may be exposing their internal network to unauthorised access. Citrix (NetScaler) ADC is a load balancer and …
@"To be fair, that applies to all software. Patch and move on people :)"
"Ah, the house burnt down, meh it's all in a days work" this level of complacency is unbecoming in someone supposedly taking security seriously.
Perhaps making certain that code is free of vulnerabilities before releasing would be better than having to rebuild the house each time, certainly if you are having to pay the costs.
...who knows a zero day exploit.
To be fair, that applies to all software. Patch and move on people :) ..... Anonymous Coward
Of course, some vulnerabilities are abiding exploits which will never have patches available.
That puts real smart zero days in effective leading command and control ....... which you may note is not a question to suggest the possibility or existence of doubt.
And such is the exciting nature of future shenanigans. I Kid U Not.
And a quite surreal and most efficient stealth is provided by the presence of an insistent persistent disbelief.
Oh, and Merry Xmas, El Regers. ...... Ever onwards and upwards. :-)
Regarding .. Is the sky falling or is it just me? ..... in the quantum environment are both an experience one can imagine and realise for the birthing and/or berthing of other virtual realities one can driver oneself in the company of others similarly gifted .... or cursed as the case may be in those less than well enough enabled to cope and deal with all manner of such matters.
Crikey, Jumping Jehoshophat Batman, .... a brace of cohesive posts in as many days. That's definitely progress in deed, indeed.
Most of the Citrix setups aren't set up properly. So from a dialogue box, such as a save box, you can browse the local server, run cmd, then run IE or whatever other browser is installed. Then use their server to browse the Internet bypassing any local filtering. Also download all your exploits to that server from itself.
No one would leave a server so open I hear you say. Yes they would. A finance department were using a very small company to supply them with their finance app. With the main company we were at forcing a move to "cloud" for every department this small company didn't want to lose business so said they now had a "cloud" version of their app. They didn't really. It was just stuck on a server in one data centre. I said I wanted to test it before fully going live. They hadn't implemented 2FA, which they put on after my suggestion. Then once on the server it was easy to break out of the app, browse the server, run whatever you wanted and surf the net to your heart's content. They originally were gonna make it live in that state!
I'm guessing someone is equating an unauthenticated remote code execution flaw with a poorly set up Citrix environment to suggest all Citrix environments are insecure.
Next they will be using the same post to show how they brilliantly saved the world while still missing the original point...
Erm... Windows has functionality to authenticate who is logging in. Then they are logged in - in a similar way to if they log in to a desktop or laptop.
Being able to look at files you have permissions to look at, and run web browsers on a computer that you have logged into is not really a security issue. If it is, you are doing it wrong.
"Why do people insist on calling something by a defunct technology acronym that (almost certainly) isn't even in use in that product?"
It gets worse, I was in a pub watching something called "football" and they used both their feet and their heads. Ridiculous isn't it?
And when are they going to release HTTPT?
Based on Heinz's failed attempt to rebrand Salad Cream to sandwich cream, I'm not sure there's any hope that TLS will replace SSL, for VPNs or secure web access in the public's eyes, in the next decade or two ha ha.
Plus ignoring the technical geekery, there is something comforting about SSL the public will always love...however misguided.
Ever since XenDesktop 7 was released, the product has been utter tosh. Released too early with a substandard feature set full of bugs and now security flaws. The product of cheap and agile software development. It's ok, it will be a good product 8 years after initial release.
In brief: More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found.
Data recorded from last year reflected a 64 percent increase over 2020's total (Digital Shadows publishes the data every two years), which is a significant slowdown compared to the two years preceding 2020. Between 2018 and the year the pandemic broke out, the number of credentials for sale shot up by 300 percent, the report said.
Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years. This represents a 34 percent increase from 2020.
Research by Citrix shows business leaders don't entirely trust their employees when it comes to hybrid work.
The report, dubbed "Work rebalanced" [PDF] was drawn from the views of 900 business leaders and 1,800 employees across the globe, including in the US, the UK, Australia, France, Germany, Japan, Mexico, and the Netherlands.
Citrix has made deals with cloud providers to sell its Desktop as a Service (DaaS) platform, providing enterprises with a choice of host for its virtual desktop products.
The latest partnership is with Google Cloud, while a similar arrangement was announced with Microsoft's Azure in April.
The remote access pioneer has made available two new Citrix DaaS products that can be purchased by customers in the Google Cloud Marketplace.
Citrix is to be acquired by Vista Equity Partners and Evergreen Coast Capital in a deal worth $16.5bn. The move will see Citrix taken into private ownership and combined with Tibco, another firm already in Vista's portfolio.
Under the terms of the agreement announced today, Citrix shareholders will receive $104 per share, a price which represents a premium of 24 per cent over the closing price on December 20, the last trading day before rumours began to leak regarding a potential takeover.
Citrix also put out its financial results for the fourth quarter of its fiscal year 2021 today, reporting revenue of $851m compared to $810m for the same quarter in 2020, representing 5 per cent growth.
Vista Equity Partners and Evergreen Coast Capital, the two private equiteers behind the plan to take Citrix private and merge it with TIBCO, have given assurances to Citrix staff that their benefits aren't in immediate peril – but warned workers on H-1B visas they'll likely face a review.
The warning for staff employed on the visas – the sometimes controversial permit that allows skilled foreigners to work in the USA – comes in an updated FAQ for employees filed on Wednesday to ensure investors are informed about activities at the company.
The document is largely unchanged from a version published on January 31, so the following explanation of the transaction's intent remains in place:
Citrix has initiated a "Restructuring Program" under which the company will reduce headcount and close some offices. The Register understands that staff around the world have already been let go.
The application streamer on Monday emitted a regulatory filing that detailed a plan that includes "elimination of full-time positions, termination of certain contracts, and asset impairments, primarily related to facilities consolidations".
The restructure is forecast to result in charges of approximately $130m to $240m, $65m to $90m of which has been set aside to cover employee severance payments.
Citrix has created a web browser and lost its CEO.
According to a regulatory filing, in early October, the company's board appointed Robert M. Calderoni as interim CEO, after David Henshall stepped down from the role. The change was sudden and unexpected but appears to have been amicable as Henshall continues as an advisor to Calderoni.
The company is hunting for a new CEO.
The Xen Project has delivered an upgrade to its hypervisor.
Version 4.16 was announced yesterday by developer and maintainer Ian Jackson, capping a nine-month effort that saw four release candidates emerge in November 2021 prior to launch.
The project's feature list for the release celebrates the following additions as the most notable inclusions:
Citrix is planning to make its Virtual Apps and Desktop Service (CVADS) more portable under an effort called “Project Bifrost.”
The Register understands that Project Bifrost will let users package their CVADS rigs so they can be moved among clouds. While migration and disaster recovery are obvious uses for the project, Citrix hopes it also improves portability so that customers can pick and choose between different clouds, and easily move to new cloud regions.
Citrix is mindful that its customers sometimes like to make cloud-to-cloud migrations between different providers, to chase either lower latency or costs.
Citrix has confirmed plans to buy Wrike, a project management and team-based collaboration tool, for $2.25bn.
While the move is dwarfed by Salesforce's $28bn takeover of hipster chat and collaboration darling Slack, the purchase will see the combination serving over 400,000 customers over 140 countries.
The all-cash deal is expected to close later this year, and has received unanimous sign-off from directors in both camps.
Biting the hand that feeds IT © 1998–2022