#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

citrix software | Breaking Cybersecurity News | The Hacker News

Category — citrix software
Critical Flaws Affect Citrix Endpoint Management (XenMobile Servers)

Critical Flaws Affect Citrix Endpoint Management (XenMobile Servers)

Aug 11, 2020
Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM) , also known as XenMobile, a product made for enterprises to help companies manage and secure their employees' mobile devices remotely. Citrix Endpoint Management offers businesses mobile device management (MDM) and mobile application management (MAM) capabilities. It allows companies to control which apps their employees can install while ensuring updates and security settings are applied to keep business information protected. According to Citrix, there are a total of 5 vulnerabilities that affect on-premise instances of XenMobile servers used in enterprises to manage all apps, devices, or platforms from one central location. "Remediations have already been applied to cloud versions, but hybrid rights users need to apply the upgrades to any on-premises instance," the company sai d in a post today. If left unpatched and exploited successfully,...
Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

Jul 08, 2020
Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers . Citrix confirmed that the aforementioned issues do not impact other virtual servers, such as load balancing and content switching virtual servers. Among the affected Citrix SD-WAN WANOP appliances include models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. The networking vendor also reiterated that these vulnerabilities were not connected to a previously fixed zero-day NetScaler flaw (tagged as CVE-2019-19781 ) that allowed bad actors to perform arbitrary code execution even without proper authentication. It also said there's no evidence ...
Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Apr 16, 2025SaaS Security / Identity Management
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

May 05, 2020
Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The security advisory—about which The Hacker News learned from Dimitri van de Giessen , an ethical hacker and system engineer—is scheduled to be available publicly later today on the Citrix website . Citrix ShareFile is an enterprise-level file sharing solution for businesses using which employees can securely exchange proprietary and sensitive business data with each other. The software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or they're when lost or stolen. The newly identified security issues ( CTX-CVE-2020-7473 ) specifically affect customer-managed o...
cyber security

Mastering AI Security: Your Essential Guide

websiteWizAI Security / Posture Management
Learn how to secure your AI pipelines and stay ahead of AI-specific risks at every stage with these best practices.
Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

Jan 20, 2020
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit vulnerable systems, even a short window of time resulted in the compromise of hundreds of Internet exposed Citrix ADC and Gateway systems. As explained earlier on The Hacker News, the vulnerability, tracked as CVE-2019-19781 , is a path traversal issue that could allow unauthenticated remote attackers to execute arbitrary code on several versions of Citrix ADC and Gateway products, as well as on the two older versions of Citrix SD-WAN WANOP. Rated critical with CVSS v3.1 base score 9.8, the issue was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies, w...
PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

Jan 11, 2020
It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [ 1 , 2 ] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers. Citrix confirmed that the flaw affects all supported version of the software, including: Citrix ADC and Citrix Gateway version 13.0 all supported build...
Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

Mar 11, 2019
Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," adding that the company does not know precisely which documents the hackers obtained nor how they got in. However, the FBI believes that the miscreants likely used a "password spraying" attack where the attackers guessed weak passwords to gain an early foothold in the company's network in order to launch more extensive attacks. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent...
Expert Insights / Articles Videos
Cybersecurity Resources