back to article Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild

Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the business IT player fixed earlier this summer. Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday warned that criminals have exploited CVE-2023-24489, a 9.8-of-10-severity improper-access-control bug in …

  1. t245t

    Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA)

    I feel better already /s

  2. Anonymous Coward
    Anonymous Coward

    Citrix still exists?

  3. Anonymous Coward
    Anonymous Coward

    Citrix has a very big target on its back

    Since Citrix was acquired by private equity and they dismantled their entire Product Security Team as a cost cutting measure and given the nature of their Netscaler product, which can be somewhat analogous to SolarWinds, Citrix is a high-value soft target. Leadership (Tom Krause, et al) should be held accountable for its complete lack of understanding the role security plays when an Application Delivery Controller is your product. It was very poor judgement. It damages the company's reputation. It will damage the company's profit. And, most importantly, it damages their customers' security posture. This was not merely the case of a powerful bad actor exploiting a vulnerability. This was negligence. It can be avoided in the future but only if the company changes direction.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like