DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CISA pushes federal agencies to patch Citrix RCE within a week

Posted on January 18, 2024 by Dissent

Sergiu Gatlan reports:

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week.

The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack vectors for malicious cyber actors” that pose “significant risks to the federal enterprise.”

Citrix urged customers on Tuesday to immediately patch Internet-exposed Netscaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the Netscaler management interface that could be exploited for remote code execution and denial-of-service attacks, respectively.

Those who can’t immediately install the security updates can block network traffic to affected instances and ensure they’re not accessible online as a temporary workaround.

Read more at Bleeping Computer.

Category: Breach IncidentsBusiness SectorCommentaries and AnalysesOf NoteU.S.

Post navigation

← As hacks worsen, SEC turns up the heat on CISOs
Tilbury District Family Health Team confirms patient data impacted by October ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Runsafe report: Medical device cyberattacks threaten patient care, strain budgets, top concern for healthcare sector
  • Ryuk ransomware’s initial access expert extradited to the U.S. from Ukraine
  • Alleged Geisinger hacker will defend himself pro se.
  • Tallahassee Memorial Healthcare reveals it was also impacted by Cerner/Legacy Oracle cyberattack
  • Hospital cyberattack investigation complete, no formal review needed
  • Largest Ever Seizure of Funds Related to Crypto Confidence Scams
  • IMPACT: 170 patients harmed as a result of Qilin’s ransomware attack on NHS vendor Synnovis
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • UBS reports data leak after cyber attack on provider, client data unaffected
  • Scania confirms insurance claim data breach in extortion attempt

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data
  • DOJ Seeks More Time on Tower Dumps
  • Your household smart products must respect your privacy – including your air fryer
  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.