Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear (techcrunch.com) 19

The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. From a report: The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, and are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices -- no passwords needed. Citrix also says the flaw is being actively exploited by threat actors. "We are aware of a small number of targeted attacks in the wild using this vulnerability," Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. "Limited exploits of this vulnerability have been reported." Citrix hasn't specified which industries the targeted organizations are in or how many have been compromised.
This discussion has been archived. No new comments can be posted.

NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear

Comments Filter:
  • ....and spooks have been sitting on the flaws *cough*backdoors*cough* until the hackers find them.

    Change my mind.

  • Based on the CVE #, it looks like Citrix first identified the issue in April. Guessing they did not understand the criticality, or were they thinking "no one knows about this, so it's OK?"
  • At this point, shouldn't all Chinese IP addresses be blocked by US companies by default?
  • Moral of the story: Don't buy Citrix products

  • Ah, they're complaining somebody else is playing with their toys?

You know you've landed gear-up when it takes full power to taxi.

Working...