Tag Archive for: GATEWAY

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway


Jul 19, 2023 | THN | Vulnerability / Cyber Threat


Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild.

Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions –

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297, and
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

The company did not give further details on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been observed on “unmitigated appliances.” However, successful exploitation requires the device to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or authorization and accounting (AAA) virtual server.

Also addressed alongside CVE-2023-3519 are two other bugs –

  • CVE-2023-3466 (CVSS score: 8.3) – An improper input validation vulnerability resulting in a reflected cross-site scripting (XSS) attack
  • CVE-2023-3467 (CVSS score: 8.0) – An improper privilege management vulnerability resulting in privilege escalation to the root administrator (nsroot)

Wouter Rijkbost and Jorren Geurts of Resillion have been credited with reporting the bugs. Patches have been made available to address the three flaws in the below versions –

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS, and
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

Customers of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version to mitigate potential threats.
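The affected and fixed builds above are easy to misread across the standard, FIPS and NDcPP lines, so here is a small triage helper, added as an example and not part of the original article or of any Citrix tooling. It parses a build string, compares it against the first fixed build for its release line, and flags 12.1 standard builds as end-of-life. The input format (`13.1-49.13`, `13.1-FIPS-37.159`, `12.1-NDcPP-55.297`, optional `NS` prefix) is an assumption made for this example, as is the sample inventory.

```python
"""Classify NetScaler ADC / Gateway builds against the CVE-2023-3519 fix list.

Added example. The version string format accepted here ('13.1-49.13',
'13.1-FIPS-37.159', '12.1-NDcPP-55.297', optional 'NS' prefix) is an
assumption for this script, not Citrix's own version syntax.
"""
from typing import Dict, List, Tuple

# First fixed build per release line, from the advisory summary above.
# Key: (release line, variant); variant "" is the standard (non-FIPS/NDcPP) build.
FIXED_BUILDS: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("13.1", ""): (49, 13),
    ("13.0", ""): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}
# Release lines with no fix at all: every build is affected, upgrade required.
END_OF_LIFE = {("12.1", "")}
VARIANTS = {"FIPS", "NDcPP"}


def parse_version(version: str) -> Tuple[str, str, Tuple[int, int]]:
    """Split '13.1-FIPS-37.159' into ('13.1', 'FIPS', (37, 159)).

    A leading 'NS' prefix is tolerated; anything else raises ValueError so
    a malformed inventory entry is never silently treated as fixed.
    """
    parts = version.strip().removeprefix("NS").split("-")
    if len(parts) == 2:
        release, variant, build = parts[0], "", parts[1]
    elif len(parts) == 3 and parts[1] in VARIANTS:
        release, variant, build = parts
    else:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor = build.split(".")
    return release, variant, (int(major), int(minor))


def assess(version: str, gateway_or_aaa: bool = True) -> str:
    """Return 'fixed', 'vulnerable', 'not-exposed', 'end-of-life' or 'unknown'.

    gateway_or_aaa records whether the appliance is configured as a Gateway
    (VPN vserver, ICA Proxy, CVPN, RDP Proxy) or AAA vserver; the advisory
    says exploitation requires one of those roles, so an unpatched box
    without them is reported as 'not-exposed' rather than 'vulnerable'.
    """
    release, variant, build = parse_version(version)
    key = (release, variant)
    if key in END_OF_LIFE:
        return "end-of-life"  # 12.1 standard: no patch exists, upgrade instead
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return "unknown"  # release line not covered by this advisory
    if build >= fixed:  # tuple comparison: (48, 1) < (49, 13), (49, 15) >= (49, 13)
        return "fixed"
    return "vulnerable" if gateway_or_aaa else "not-exposed"


def triage(inventory: List[Tuple[str, str, bool]]) -> Dict[str, str]:
    """Map each (hostname, version, gateway_or_aaa) entry to its status."""
    return {host: assess(version, role) for host, version, role in inventory}


# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE_INVENTORY = [
    ("ns-edge-01", "13.1-48.1", True),
    ("ns-edge-02", "13.1-49.13", True),
    ("ns-lab-01", "13.0-90.1", False),
    ("ns-fips-01", "13.1-FIPS-37.159", True),
    ("ns-old-01", "12.1-65.1", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Only "fixed" entries need no action: "vulnerable" hosts should be patched first, "not-exposed" hosts still patched but with less urgency, and "end-of-life" hosts migrated to a supported release line, since no 12.1 standard build will ever report as fixed.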


Source…

CO 141 between Naturita and Gateway to close for flood safety — Colorado Department of Transportation


Southwest Colorado — CO Highway 141 will likely be closed between Naturita and Gateway on Friday evening due to forecasted high river flows. If the river reaches expected levels, the Colorado Department of Transportation plans to close the highway at 5 p.m. The highway will remain closed until the flood danger has subsided. This closure is dependent on various factors including snowmelt and reservoir releases. The public will be alerted once the official closure is in place. As flow amounts fluctuate, the bridge may require additional closures.

“River flows in the area have not been observed at these levels in 18 years. With the flood event expected to peak this Friday, we are taking proactive and cautionary measures at this particular bridge. Engineers and maintenance personnel will be assessing the structural integrity throughout this high-flow event,” stated Julie Constan, Regional Transportation Director.

For safety, CDOT has determined that the bridge structure at Roc Creek should be closed to traffic while peak water flows are occurring. The structure is located approximately 27.5 miles north of Naturita at Mile Point 88.5.

The National Weather Service (NWS) has issued a flood advisory for the Dolores River due to the increased release of water from McPhee Reservoir. The flood advisory also includes the Dolores and San Miguel Rivers due to heavy runoff from snowmelt. The flood advisory is in place until further notice and covers the counties of Montezuma, Dolores, San Miguel and Montrose.

Traffic Impacts

Check COtrip.org for current road closures and conditions or contact Southwest Region 5 Customer Service during weekday business hours 970-385-1423.

  • The northbound closure point is located just north of Naturita and the County Road CC junction, MP 64
  • The southbound closure point is located just south of Gateway, MP 110
  • Do not bypass the closure barricades

Photo caption: A photo captured on May 3, 2023 shows the Dolores River flowing underneath a CDOT bridge structure located on Colorado Highway 141 at mile point 88.5. River flow rates are nearing 10-year flood event levels.

For more information about the flood advisory, refer to the National Weather Service Flood Advisory. For more…

Source…

Gateway Casinos in Ontario face long road to recovery after ransomware attack, expert says

Several casinos in Ontario remain closed nearly two weeks after a cyberattack, with no official reopening date.

The ransomware attack that knocked out servers at Gateway Casinos facilities was first detected on April 16.

Technology analyst Carmi Levy said the situation is the digital equivalent of recovering from a major fire or similar disaster.

“It’s as bad as it gets. And unfortunately, the damage is going to take years to undo, even if they are able to undo it,” the London, Ont.-based digital expert said. “You don’t just flip a switch and come back on.”

On Thursday, Gateway posted online that it hopes to reopen using a phased approach “later this week; however, the reopening timeline depends on the pace of restoration and approval by regulatory bodies.”

The cybersecurity incident impacted operations at 14 casinos, including Casino Rama in Orillia, Georgian Downs in Innisfil, and Playtime Casinos Wasaga Beach.

According to Levy, the recovery procedure is a “multi-faceted, multi-staged process” involving highly trained people.

“We call these ‘business killer events’ for a reason. Many companies that are targeted successfully by ransomware never fully recover. The direct costs will be into the millions if not the tens of millions or beyond,” the tech analyst said.

While the company has said there is no evidence to believe customers’ data was breached, Levy believes it’s possible.

“There is a very strong likelihood that it has been – that it is either being bought and sold on the dark web or will be at some point in time because all of these ransomware events tend to play out in the same way. There’s no coming back from that,” he noted.

While Casino Rama’s gaming floor remains closed to gamblers, the Orillia facility welcomed back concertgoers Thursday night in an attempt to get some operations back to normal.

“The concert was very well attended, and people seemed very excited to be there,” said Rob Mitchell, director of communications at Gateway Casinos and Entertainment Limited.

A Scotty McCreery concert is scheduled to go ahead on Saturday.

Still, the digital analyst believes Gateway will have a long road…

Source…

Malware is increasingly bypassing at least one email gateway at organizations


An employee at a tech startup company works on his computer on the first day back in the office on March 24, 2021, in San Francisco.(Photo by Justin Sullivan/Getty Images)

As if the financial and payments industries required further confirmation that bad actors are outpacing most business network security in their sophistication, a new report found that there has been a growing spike in malware using “shortcuts” to get past email gateways and into stored data.

HP Inc.’s most recent HP Wolf Security Threat Insights Report, released Wednesday, reviewed the rise during the second quarter of this year in the spread of multiple malware families — including QakBot, IcedID, Emotet, and RedLine Stealer — across several key sectors.

Not surprisingly, slick, experienced threat actors are shifting their focus more and more to using so-called “shortcut” or LNK files to deliver their malware more quickly, the report noted. Perhaps more troubling, the research identified an 11% jump in the number of enterprises’ archive files that contained malware, including LNK files placed there by attackers via compressed email attachments to help them evade email scanners.

Indeed, even in regulated industries known for protecting their internal security and privacy — like financial services — the report found that 14% of email-related malware discovered in companies’ systems had slipped past at least one email gateway security scan in the second quarter of 2022. Further, nearly 7 out of 10 (69%) malware payloads are delivered via email, compared with just 17% that originate from web downloads, according to HP’s findings.

Patrick Schläpfer, malware analyst at HP Inc., said that the frequency with which threat actors slip past ostensibly sophisticated endpoint security, like network email scanners, should be a wake-up call to many financial cyber experts.

“This indicates that malicious and stealthy email campaigns employees across the finance and payments industries are reaching user inboxes and putting organizations at risk of attack,” he pointed out.

The number of malware families that were discovered has only bumped up a little — with 593 different…

Source…