Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Citrix Discloses Security Breach of Internal Network (zdnet.com) 43

Citrix disclosed today a security breach during which hackers accessed the company's internal network. In a short statement posted on its blog, Citrix Chief Security Information Officer Stan Black said Citrix found out about the hack from the FBI earlier this week. From a report: "On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network," Black said. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security," the Citrix exec added. Black said hackers accessed and downloaded business documents, but Citrix wasn't able to identify what specific documents had been stolen at the time of his announcement today.
This discussion has been archived. No new comments can be posted.

Citrix Discloses Security Breach of Internal Network

Comments Filter:
  • by jellomizer ( 103300 ) on Friday March 08, 2019 @03:57PM (#58239494)

    I know Citrix is a godsend for people who have to deal with Software Deployment and updates. But it is really just a gross hack to make software accessible over the network that were never designed to be such. On most Citrix Setups I am able to get more access to apps that I wasn't given permission for. Mostly due to the fact that Windows security wasn't designed for Citrix in mind. A right click here, view file path, or a help file that opens IE. I now have access to applications on the server that I wasn't really meant to have.

    If you think Citrix is a good idea, then you probably should be looking at different software, such as more Web Based (HTML) Application. Because you will be better off.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Sometimes Citrix is the answer because there's some dogshit legacy app that you're stuck with. It's not a good idea, it's just barely tolerable.

      • As someone that's done all that for the last 20 years for apps that have been around for 20 year prior to me, "tolerable" perhaps in the modern sense, but in comparison the the "dogshit legacy app" it might be considered considerably more. Citrix is a vast improvement over what existed, which perhaps isn't saying much, but still.

        That said, to the previous poster, yes I've seen the security stuff first hand. I don't exactly advertise it to users, but it's there, every now and again I accidentally "oh hello t

    • Another cute trick is to disable the goddam network card.

      I did that a lot and the custodians were never aware.

      It created a lot of problems and a few techs tightened things up and accidentally protected the card, but most never learned.

    • by gweihir ( 88907 )

      Oh? I use SSH for remote development and updates. Citrix is a symptom of an inferior system that is unsuitable for professional work.

    • Windows security wasn't designed for Citrix in mind

      Not arguing the usefulness or effectiveness of Citrix software, but Citrix is responsible for Windows Terminal Services and has been since NT4. They wrote it. It is very much part of Windows and pretty much always has been
  • ... didn't know they had been hacked and, when informed that they were breached, didn't know what the hackers got.

    Clueless.

    • by gweihir ( 88907 )

      And they were apparently compromised because somebody from outside got in using a weak password. Criminally negligent is what I call that.

  • They have nothing of value to steal. Must have been a practice attack or somebody that was forced to user their products and wants revenge for that.

You know you've landed gear-up when it takes full power to taxi.

Working...