sb-eu logo
Story image

15,000 companies still critically vulnerable from Citrix security flaws - report

A month and a half after Positive Technologies released its overview of a critical vulnerability in Citrix software that was endangering 80,000 companies in 158 countries, one out of every five companies have still not taken any action to fix this vulnerability, according to recent threat intelligence from Positive Technologies.
Critical vulnerability CVE-2019-19781 in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) was discovered in December by Positive Technologies expert Mikhail Klyuchnikov. 

According to Positive Technologies data as of the end of 2019, the greatest number of potentially vulnerable organizations is located in the US (over 38% of all vulnerable organizations), as well as in Germany, the UK, the Netherlands, and Australia. 

On January 8, 2020, an exploit was released. It allowed a potential attacker to perform automatic attacks against companies that failed to fix the vulnerability.
Citrix developers planned to resolve the issue on January 27 through January 31 but released a series of patches for various product versions a week before that. 

Positive Technologies expert security center director Alexei Novikov says those affected should take every precaution.

“The necessary update must be installed as soon as possible,” says Novikov.

“Until then, follow the security recommendations by Citrix, available since the information about the vulnerability was released.” 
Overall, the vulnerability is being fixed relatively quickly, but 19% of companies are still at risk. 

The countries with the greatest numbers of vulnerable companies currently include Brazil (43% of all companies where the vulnerability was originally detected), China (39%), Russia (35%), France (34%), Italy (33%), and Spain (25%). 

The US, UK, and Australia are protecting themselves quicker, but they each have 21% of companies still using vulnerable devices without any protection measures.
If the vulnerability is exploited, attackers obtain direct access to the company's local network from the internet. 

This attack does not require access to any accounts and therefore can be performed by any external attacker.
To fend off potential attacks, companies can use web application firewalls. 

The system must be set to block all dangerous requests to ensure protection in real time. 

Considering how long this vulnerability has been around (the first vulnerable version of the software was released in 2014), detecting potential exploitation of this vulnerability and, therefore, infrastructure compromise retrospectively becomes just as important. 

Starting December 18, 2019, PT Network Attack Discovery users can use special rules detecting attempts to exploit this vulnerability online.

Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Bitglass receives US patent for SAML technology
Bitglass designed its SAML relay to allow a cloud access security broker (CASB) to be inserted into the traffic flow between users and cloud services during the login process.More
Story image
California's CCPA now enforced worldwide
“The expansive reach of the CCPA and scope of data it covers can make compliance feel daunting to many,” comments ISACA Privacy Group member David Bowden.More
Story image
Proofpoint enhances security awareness training platform
Available in Q4 2020, the platform will integrate more closely with Proofpoint’s best-in-class threat intelligence.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More