CISA, FBI, and ACSC warn of LockBit 3.0 ransomware exploiting the critical "Citrix Bleed" vulnerability (CVE-2023-4966) in Citrix appliances. Businesses are urged to patch immediately, as attackers can bypass MFA and gain unauthorized access, posing serious cyber risks.
In a crucial cybersecurity collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD’s ACSC have issued a joint advisory about LockBit 3.0 ransomware exploiting the CVE-2023-4966 vulnerability, known as "Citrix Bleed." This vulnerability affects Citrix NetScaler ADC and Gateway appliances.
The advisory details TTPs and IOCs sourced from the FBI, ACSC, and Boeing. Boeing's experience with LockBit 3.0 exploiting CVE-2023-4966 for unauthorised access highlights the threat's seriousness. LockBit 3.0, known for its diverse attack methods, targets multiple critical infrastructure sectors. "Citrix Bleed" allows attackers to bypass passwords and MFA, facilitating unauthorised access and data compromise.
CISA and partnering organisations stress the urgency of applying the recommended mitigations, including isolating affected appliances and updating software via the Citrix Knowledge Center. The vulnerability, which enables hijacking legitimate user sessions, was identified in early 2023 and publicly disclosed by Citrix in October 2023. Due to its severity, CISA added it to the KEVs Catalog, emphasising its critical impact on various software versions.
This advisory's release is a significant wake-up call for businesses globally. It underscores the escalating sophistication of cyber threats, particularly ransomware like LockBit 3.0, which now exploit critical vulnerabilities to gain extensive access to corporate networks. The ability to bypass MFA, a cornerstone of modern cybersecurity defences, represents a new level of threat that requires immediate and proactive response. Businesses, especially those in critical infrastructure sectors, must prioritise patching vulnerabilities like CVE-2023-4966 and adopt a layered security approach. This incident highlights the ongoing arms race in cybersecurity, where businesses must constantly evolve their defences in response to increasingly advanced cyber threats.
Elon Musk’s X AI platform has been hit by a massive cyber-attack, leaving users in the U.S. and UK unable to refresh feeds or access accounts. Musk confirmed the attack’s severity, pointing to IP traces from “the Ukraine area,” though experts caution that origin masking is possible.
Late last week, an extraordinary announcement signaled a dramatic shift in U.S. cybersecurity policy: the Trump administration deprioritized Russia as a leading cyber threat. Experts fear downplaying Moscow’s aggression could expose American networks to new risks and undermine national security.
Since early 2022, the British government has tied Iran to over 20 plots threatening UK citizens, reflecting Tehran’s expanding covert tactics. These attempts—spanning assassination, kidnapping, and surveillance—mark a significant escalation on British soil.
In 2024, deepfakes became a major threat, causing market disruptions and privacy concerns. The rapid growth of AI technology has made digital deception easier, stressing the urgent need for enhanced verification systems to protect against misinformation and cyberattacks.
