CyberSecurity news
FlagThis
do son@Daily CyberSecurity
//
Citrix is currently facing a global surge of password spraying attacks aimed at their NetScaler products and other platforms. These attacks are primarily targeting user authentication against older, pre-nFactor endpoints, leading to resource exhaustion, excessive logging, and instability issues for the appliances. Citrix has alerted that the brute force attempts can cause management CPU overload, and these attacks, unlike typical brute force attempts on a single account, try common passwords across multiple accounts. This tactic can overwhelm the appliances, potentially causing service and operational disruptions.
Citrix has provided urgent mitigation steps to combat these attacks. The main advice is to enable Multi-Factor Authentication (MFA) as the first authentication layer. They also recommend restricting access by blocking commonly targeted endpoints, configuring policies to allow requests for specific domain names only, and activating the Web Application Firewall for Gateway vServers to block malicious requests. Furthermore, the use of IP reputation features is advised to automatically block traffic from known malicious IPs, and updating to supported versions of the software is essential.
ImgSrc: securityonline.
References :
Citrix has provided urgent mitigation steps to combat these attacks. The main advice is to enable Multi-Factor Authentication (MFA) as the first authentication layer. They also recommend restricting access by blocking commonly targeted endpoints, configuring policies to allow requests for specific domain names only, and activating the Web Application Firewall for Gateway vServers to block malicious requests. Furthermore, the use of IP reputation features is advised to automatically block traffic from known malicious IPs, and updating to supported versions of the software is essential.
ImgSrc: securityonline.
Share:
References :
- : Citrix security advisory: Citrix is aware of password spraying attacks directed at organizations worldwide, targeting various products (including NetScaler) and platforms.
- www.bleepingcomputer.com: Citrix shares mitigations for ongoing Netscaler password spray attacks
- Citrix Blogs: Password spraying attacks targeting NetScaler
- securityonline.info: Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed
- securityonline.info: Citrix Alerts on Global Password Spraying Campaigns Targeting NetScaler Appliances
- : Detecting and Mitigating Password Spraying Attacks on NetScaler Gateway
- malware.news: Citrix NetScaler devices targeted with password spraying attacks
- www.scworld.com: Citrix NetScaler devices targeted with password spraying attacks
Classification:
- HashTags: #Citrix #PasswordSpray #Cybersecurity
- Company: Citrix
- Target: Citrix users
- Product: Netscaler
- Feature: Password Spraying
- Type: Hack
- Severity: Major