Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns

5 min read
Views
Photograph depicts a security scanner extracting virus from a string of binary code. Hand with the word "exploit"

Enlarge (credit: Getty Images)

Organizations big and small are once again scrambling to patch critical vulnerabilities that are already under active exploitation and cause the kind of breaches coveted by ransomware actors and nation-state spies.

The exploited vulnerabilities—one in Adobe ColdFusion and the other in various Citrix NetScaler products—allow for the remote execution of malicious code. Citrix on Tuesday patched the vulnerabilities, but not before threat actors exploited them. The most critical vulnerability, tracked as CVE-2023-3519, lurks in Citrix’s NetScaler ADC and NetScaler Gateway products. It carries a severity rating of 9.8 out of a possible 10 because it allows hackers to execute code remotely with no authentication required.

Read Also :

“This product line is a popular target for attackers of all skill levels, and we expect that exploitation will increase quickly,” researchers from Rapid7, the security firm that detected the attacks, warned Tuesday.

Read 7 remaining paragraphs | Comments



source https://arstechnica.com/?p=1954819
BotolBaba aka Mehedi Hasan Ariyan is an Bangladeshi Actor, Musical Artist, Entrepreneur & YouTube Personality. He releases his soundtracks on different music platforms like Spotify, Google Play M…

Post a Comment

Cookies Consent

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.

Learn More