No One Is Safe; Citrix Networks Breached

By

Citrix learned about the attack from the FBI

Citrix, a software giant that offers a wide range of products and services, admitted that its networks were breached.

Stan Black, chief information security officer at Citrix, wrote in a blog post that attackers stole “business documents.” Citrix still doesn't know which specific documents were accessed or stolen.

“At this time, there is no indication that the security of any Citrix product or service was compromised,” he wrote.

What’s worrying is that Citrix itself didn’t detect the breach; it was the FBI that informed Citrix about an attack on March 6.

If a major player like Citrix is unaware of any such attack, what chance does an average company have to learn about similar attacks?

Citrix also didn’t tell when the attack started and how long it lasted. It should worry the almost half a million enterprise customers who use Citrix to manage their VPNs.

FBI said that attackers supposedly used a password spraying technique to exploit weak passwords. Once they gained basic access, they tackled additional layers of security.

03/12/2019

Related content

  • News for Admins
    F5 Acquires NGINX for $670 Million; No One Is Safe – Citrix Networks Breached; A 19-Year-Old Bug in WinRAR; An Image Can Compromise Your Android Device and LibreOffice Vulnerable to Remote Code Execution Flaw
  • Citrix NetScaler steps in for Microsoft TMG/ISA
    Since Microsoft announced the discontinuation of its Threat Management Gateway (TMG) – successor to the Internet Security and Acceleration (ISA) Server – companies have been looking for an adequate replacement. Citrix jumps into the breach with its various NetScaler products.
  • Desktops and applications with Essentials
    Employees or individual teams who need a workstation quickly can benefit from XenApp Essentials and XenDesktop Essentials; those who need more extensive services can move to XenApp and XenDesktop Services.
  • Citrix XenServer 6.2 goes open source
    In June, Citrix released the latest version of XenServer Enterprise as open source software. The manufacturer hopes to benefit from input from the community, attract more customers for its desktop virtualization solution, and improve its market position.
  • Ubuntu Forums Breached Again
comments powered by Disqus