NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear (techcrunch.com) 19
The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. From a report: The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, and are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices -- no passwords needed. Citrix also says the flaw is being actively exploited by threat actors. "We are aware of a small number of targeted attacks in the wild using this vulnerability," Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. "Limited exploits of this vulnerability have been reported." Citrix hasn't specified which industries the targeted organizations are in or how many have been compromised.
Re: (Score:1)
--- Ars Technica Subscriber
Re: (Score:3)
But! But... "Whataboutism!!!!"
--- Ars Technica Subscriber
Or maybe it just sucks that both foreign powers AND our own government are hacking our devices.
Re: Of course (Score:3)
Re: (Score:2)
When GCHQ, the British version of the NSA, tells me to avoid something, I assume it's because they can't hack it. When GCHQ tells me to use something, I assume it's because they already have a backdoor into it.
Re: (Score:3)
And people can't believe they're not hoovering up data left and right on all people using TikTok, or using it as likely a psy-ops program to try to steer the thinking of the populace and sway western societies, or try to confuse and disrupt them.
They certainly don't show the same shit to the natives in the Chinese home land, or do they let their kids watch what they pump out to ours.
Re: (Score:2)
And...people still think "you've being xenophobic saying the Chinese govt is spying and stealing tech"...
It's been a long time since I've seen that sentiment. The point being made here is that you should not think that because China is a bad actor that our side are somehow good guys.
All of the things you accuse the Chinese of doing they learned from us.
Re: (Score:2)
Compared to other countries, especially china....we are the "good guys".
And at least, when my govt. screws up, they are answerable to their own citizens.
And yes, I expect our country to spy on them to know what they're up to for our national defense...especially since China is growing increasingly aggressive.
I expect us to do
Re: (Score:2)
And at least, when my govt. screws up, they are answerable to their own citizens.
In what way is that even remotely true? Your Ronald Reagan used the CIA to sell crack cocaine to Americans to fund his shitty war in Nicaragua, and sent arms to Iran despite that being illegal.
Was he prosecuted?
Re: (Score:2)
And it sucks when foreign powers do it better than our guys...
Re: (Score:2)
The NSA isn't exploiting any zero-day bugs in popular networking gear, also.
Exactly! If the NSA wants you to install this patch that seems like all the reason for you to not install it. Only NSA bootlickers would install this patch.
See a bunch of NSA bootlickers trying to suppress the truth! Flamebait my ass. DO NOT PATCH IF THE NSA TELLS YOU TOO! YOU JUST PLAY INTO THEIR HANDS! THE PATCH IS THE HACK!! NSA BAD!!
Zero Day is measured from public finding out.... (Score:1)
....and spooks have been sitting on the flaws *cough*backdoors*cough* until the hackers find them.
Change my mind.
Re: (Score:2)
Change my mind.
Why would I? You are perfectly right.
8 months? (Score:2)
Great Firewall of China (Score:1)
Moral (Score:2)
Moral of the story: Don't buy Citrix products
Comment (Score:2)