'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams. As of October 30, Shadowserver spotted just over 5,000 vulnerable servers on the public internet. …
Stealing session tokens out of memory seems like a neat (new? new-old?) trick, the kind of thing CPU side-channel attacks wish they could do in the real world.
I wonder how many other vulnerabilities on the outset look like simple memory reads that don't turn up anything useful, only for someone to use them to scan RAM for login tokens. Like Windows hash theft but... easier.
They seem to have changed their focus to their Xen product lineup and relegated Citrix remote desktop to an afterthought. Pretty much they switched to a Virtual Machine and SaaS model like the rest of the industry seem to be doing and raking in that sweet licensing loot.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
