
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA)
I feel better already /s
Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the business IT player fixed earlier this summer. Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday warned that criminals have exploited CVE-2023-24489, a 9.8-of-10-severity improper-access-control bug in …
Since Citrix was acquired by private equity and they dismantled their entire Product Security Team as a cost-cutting measure and given the nature of their NetScaler product, which can be somewhat analogous to SolarWinds, Citrix is a high-value soft target. Leadership (Tom Krause, et al.) should be held accountable for its complete lack of understanding of the role security plays when an Application Delivery Controller is your product. It was very poor judgement. It damages the company's reputation. It will damage the company's profit. And, most importantly, it damages their customers' security posture. This was not merely the case of a powerful bad actor exploiting a vulnerability. This was negligence. It can be avoided in the future but only if the company changes direction.