Concerns Raised by Cyber Experts and Officials Regarding Exploits Targeting Citrix and Apache Products

Cybersecurity specialists and officials express significant concern regarding several newly identified vulnerabilities with critical severity scores.

Zero-Day Bugs on CISA’s Radar

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalogue to include two zero-day bugs impacting Citrix and Apache products. This update signals an immediate need for attention to these pressing security issues.

HelloKitty Ransomware Exploiting Apache

Rapid7, a cybersecurity firm, has raised the alarm about HelloKitty ransomware attackers exploiting a flaw in Apache ActiveMQ (CVE-2023-46604). Apache ActiveMQ, a widely used Java-based message broker, has now been targeted by ransomware attacks twice. Rapid7 has found public exploit code that matches the attacks it has responded to.

CISA’s response to this threat involves cataloguing the vulnerability and mandating federal civilian agencies to mitigate the risk by November 23.

Apache has reacted by disclosing the vulnerability details and releasing updated ActiveMQ versions on October 25.

In parallel, Huntress, another cybersecurity firm, has observed and confirmed exploitation attempts by attackers aiming to deploy the HelloKitty ransomware, leveraging the vulnerability, which carries the maximum CVSS severity score of 10.

‘Citrix Bleed’—A Persistent Danger

The cyber community is witnessing active exploitation of another vulnerability, known colloquially as ‘Citrix Bleed.’ This flaw, catalogued as CVE-2023-4966, poses a significant threat as it allows intruders to access sensitive data. The targets of these attacks include government bodies, professional services, and tech companies. Citrix has responded by issuing a security bulletin regarding the vulnerability.

PoC Exploits Released

AssetNote, committed to cybersecurity defence, has published a proof-of-concept (PoC) exploit for ‘Citrix Bleed.’ This bug’s severity is alarming, with a CVSS score of 9.4.

Continuous Exploits Despite Countermeasures

Mandiant, an expert in the field, has tracked the exploitation of this flaw since late August. It has identified multiple incidents in which attackers successfully commandeered NetScaler ADC and Gateway appliances.

CISA has not only catalogued this Citrix vulnerability but also set a deadline of November 8 for federal agencies to implement patches. However, experts warn that patching alone is insufficient; organizations must also scrutinize their appliances for any signs of compromise.

The Urgent Need for Vigilance

Despite patch availability, thousands of exposed instances of the product, particularly in North America, remain vulnerable.

Kevin Beaumont, a cybersecurity authority, has pointed out active exploitation attempts by at least two ransomware gangs and four different hacker groups.

In response to these ongoing threats, Mandiant urges government cyber agencies to elevate awareness and prompt action in addressing these vulnerabilities.
