Access Denied

This page requires users to be logged in and using a specific plan to access its content.

If you believe this is an error or need help, please contact
support@cybernewscentre.com


Login or Sign Up
⭠ Back

Urgent Advisory - LockBit 3.0 Ransomware Exploits 'Citrix Bleed' Vulnerability

Add to favourites
Remove from favourites
Loading...
In a crucial cybersecurity collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD’s ACSC have issued a joint advisory about LockBit 3.0 ransomware.
Copy Page Link
Mark De Boer
November 23, 2023

https://www.cybernewscentre.com/plus-content/content/urgent-advisory-lockbit-3-0-ransomware-exploits-citrix-bleed-vulnerability

You have viewed 0 of your 5 complimentary articles this month.
You have viewed all 5 of your 5 complimentary articles this month.
This content is only available to subscribers. Click here for non-subscriber content.
Sign up for free to access more articles and additional features.
Create your free account
follow this story

Joint Cybersecurity Advisory Warns of LockBit 3.0 Ransomware Exploiting Critical 'Citrix Bleed' Vulnerability

In a crucial cybersecurity collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD’s ACSC have issued a joint advisory about LockBit 3.0 ransomware exploiting the CVE-2023-4966 vulnerability, known as "Citrix Bleed." This vulnerability affects Citrix NetScaler ADC and Gateway appliances.

CVE-2023-4966 and CVE-2023-4967 | Lockbit 3.0 'Citrix Bleed' Vulnerability

Multiple Vulnerabilities Have Been Discovered In NetScaler ADC (Formerly Citrix ADC) And NetScaler Gateway (Formerly Citrix Gateway).

Critical Vulnerability

The advisory details TTPs and IOCs sourced from the FBI, ACSC, and Boeing. Boeing's experience with LockBit 3.0 exploiting CVE-2023-4966 for unauthorised access highlights the threat's seriousness. LockBit 3.0, known for its diverse attack methods, targets multiple critical infrastructure sectors. "Citrix Bleed" allows attackers to bypass passwords and MFA, facilitating unauthorised access and data compromise.

@CyberGovAU advisory on X (formerly Twitter)

CISA and partnering organisations stress the urgency of applying the recommended mitigations, including isolating affected appliances and updating software via the Citrix Knowledge Center. The vulnerability, which enables hijacking legitimate user sessions, was identified in early 2023 and publicly disclosed by Citrix in October 2023. Due to its severity, CISA added it to the KEVs Catalog, emphasising its critical impact on various software versions.

Analysis of the Advisory's Significance for Businesses

This advisory's release is a significant wake-up call for businesses globally. It underscores the escalating sophistication of cyber threats, particularly ransomware like LockBit 3.0, which now exploit critical vulnerabilities to gain extensive access to corporate networks. The ability to bypass MFA, a cornerstone of modern cybersecurity defences, represents a new level of threat that requires immediate and proactive response. Businesses, especially those in critical infrastructure sectors, must prioritise patching vulnerabilities like CVE-2023-4966 and adopt a layered security approach. This incident highlights the ongoing arms race in cybersecurity, where businesses must constantly evolve their defences in response to increasingly advanced cyber threats.

Joint Cybersecurity Advisory Warns of LockBit 3.0 Ransomware Exploiting Critical 'Citrix Bleed' Vulnerability

In a crucial cybersecurity collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD’s ACSC have issued a joint advisory about LockBit 3.0 ransomware exploiting the CVE-2023-4966 vulnerability, known as "Citrix Bleed." This vulnerability affects Citrix NetScaler ADC and Gateway appliances.

CVE-2023-4966 and CVE-2023-4967 | Lockbit 3.0 'Citrix Bleed' Vulnerability

Multiple Vulnerabilities Have Been Discovered In NetScaler ADC (Formerly Citrix ADC) And NetScaler Gateway (Formerly Citrix Gateway).

Critical Vulnerability

The advisory details TTPs and IOCs sourced from the FBI, ACSC, and Boeing. Boeing's experience with LockBit 3.0 exploiting CVE-2023-4966 for unauthorised access highlights the threat's seriousness. LockBit 3.0, known for its diverse attack methods, targets multiple critical infrastructure sectors. "Citrix Bleed" allows attackers to bypass passwords and MFA, facilitating unauthorised access and data compromise.

@CyberGovAU advisory on X (formerly Twitter)

CISA and partnering organisations stress the urgency of applying the recommended mitigations, including isolating affected appliances and updating software via the Citrix Knowledge Center. The vulnerability, which enables hijacking legitimate user sessions, was identified in early 2023 and publicly disclosed by Citrix in October 2023. Due to its severity, CISA added it to the KEVs Catalog, emphasising its critical impact on various software versions.

Analysis of the Advisory's Significance for Businesses

This advisory's release is a significant wake-up call for businesses globally. It underscores the escalating sophistication of cyber threats, particularly ransomware like LockBit 3.0, which now exploit critical vulnerabilities to gain extensive access to corporate networks. The ability to bypass MFA, a cornerstone of modern cybersecurity defences, represents a new level of threat that requires immediate and proactive response. Businesses, especially those in critical infrastructure sectors, must prioritise patching vulnerabilities like CVE-2023-4966 and adopt a layered security approach. This incident highlights the ongoing arms race in cybersecurity, where businesses must constantly evolve their defences in response to increasingly advanced cyber threats.

Get access to more articles for free.
Create your free account
Ransomware
Cyber Security
Briefings
No items found.
International
Alert
Vulnerabilities
Boeing
LockBit
CISA
Australian Cyber Security Centre (ACSC)
Australian Signals Directorate (ASD)
FBI
Hide Me
Ransomware
Cyber Security
Briefings
Global
No items found.
No items found.
No items found.
International
Alert
Vulnerabilities
Boeing
LockBit
CISA
Australian Cyber Security Centre (ACSC)
Australian Signals Directorate (ASD)
FBI
International
Alert
Vulnerabilities
Boeing
LockBit
CISA
Australian Cyber Security Centre (ACSC)
Australian Signals Directorate (ASD)
FBI
Briefs

Part 1 Navigating the AI Regulatory Maze: California’s SB 1047 in the Spotlight

Cyber Bites - Cyber Espionage, Malware Exploits, and Global Security Gaps

Part 2 - The Digital Moral Challenge: The Power of Titans Shaping Our Future

Part 1 - The AI Moral Dilemma of the Digital Age: Grok And Governance

Related
In this mid-week edition of CYBER BITES, we dive into Iran’s cyberespionage group "Pioneer Kitten" collaborating with ransomware gangs, the massive "RockYou2024" password leak endangering billions, urgent warnings on NHS cybersecurity gaps, and the U.S. offering a $2.5M bounty for a notorious malware distributor.
Complimentary
Free
Opinion
Editor's Pick

Cyber Bites - Cyber Espionage, Malware Exploits, and Global Security Gaps

BlackSuit Ransomware Strikes Again! The notorious hackers behind last year's Dallas attack have rebranded as BlackSuit, now demanding $500 million in ransoms! The FBI and CISA confirm the group's new identity, with aggressive tactics and enhanced methods to pressure victims into paying up.
Complimentary
Free
Opinion
Editor's Pick

BlackSuit Ransomware Strikes, China-Linked Cyber Threats, and Data Breach Fines

Kicking off the week on Monday, August 12th, cybersecurity news starts with a bang as U.S. District Judge Amit Mehta ruled that Google violated antitrust laws, a decision that could drastically reshape the tech giant's future.
Complimentary
Free
Opinion
Editor's Pick

Google Violates Antitrust Laws, Cyber Vulnerabilities Rise, And OpenAI Exodus

More Cyber News