Citrix Blogs
- XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 April 11, 2024CTX633151 NewXenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142Applicable Products : Citrix HypervisorXenServer
- Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575 March 12, 2024CTX616982 NewCitrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575Applicable Products : Citrix HypervisorXenServer
- Citrix SDWAN Security Bulletin for CVE-2024-2049 March 12, 2024CTX617071 NewCitrix SDWAN Security Bulletin for CVE-2024-2049Applicable Products : Citrix SD-WAN
- Citrix Hypervisor Security Bulletin for CVE-2023-46838 January 23, 2024CTX587605 NewCitrix Hypervisor Security Bulletin for CVE-2023-46838Applicable Products : Citrix HypervisorXenServer
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 January 19, 2024CTX584986 NewNetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549Applicable Products : NetScalerNetScaler Gateway
- Citrix StoreFront Security Bulletin for CVE-2023-5914 January 16, 2024CTX583759 NewCitrix StoreFront Security Bulletin for CVE-2023-5914Applicable Products : StoreFront
- Citrix Session Recording Security Bulletin for CVE-2023-6184 January 16, 2024CTX583930 NewCitrix Session Recording Security Bulletin for CVE-2023-6184Applicable Products : Citrix Virtual Apps and Desktops
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967 November 27, 2023CTX579459 NewNetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967Applicable Products : NetScalerNetScaler Gateway
- Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 November 15, 2023CTX583037 NewCitrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835Applicable Products : Citrix HypervisorXenServer
- Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products October 13, 2023CTX581768 NewImpact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products
Sans News Feed
- A Vuln is a Vuln, unless the CVE for it is after Feb 12, 2024, (Wed, Apr 17th) April 18, 2024The NVD (National Vulnerability Database) announcement page (https://nvd.nist.gov/general/news/nvd-program-transition-announcement) indicates a growing backlog of vulnerabilities that are causing delays in their process.
- ISC Stormcast For Thursday, April 18th, 2024 https://isc.sans.edu/podcastdetail/8944, (Thu, Apr 18th) April 18, 2024
- Malicious PDF File Used As Delivery Mechanism, (Wed, Apr 17th) April 17, 2024Billions of PDF files are exchanged daily and many people trust them because they think the file is "read-only" and contains just "a bunch of data". In the past, badly crafted PDF files could trigger nasty vulnerabilities in PDF viewers. All of them were affected at least once, especially Acrobat or FoxIt readers. A PDF […]
- ISC Stormcast For Wednesday, April 17th, 2024 https://isc.sans.edu/podcastdetail/8942, (Wed, Apr 17th) April 17, 2024
- Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400, (Tue, Apr 16th) April 16, 2024The Palo Alto Networks vulnerability has been analyzed in depth by various sources and exploits [1].
- Rolling Back Packages on Ubuntu/Debian, (Tue, Apr 16th) April 16, 2024Package updates/upgrades by maintainers on the Linux platforms are always appreciated, as these updates are intended to offer new features/bug fixes. However, in rare circumstances, there is a need to downgrade the packages to a prior version due to unintended bugs or potential security issues, such as the recent xz-utils backdoor. Consistently backing up your […]
- ISC Stormcast For Tuesday, April 16th, 2024 https://isc.sans.edu/podcastdetail/8940, (Tue, Apr 16th) April 16, 2024
- Quick Palo Alto Networks Global Protect Vulnerablity Update (CVE-2024-3400), (Mon, Apr 15th) April 15, 2024This is a quick update to our initial diary from this weekend [CVE-2024-3400].
- Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400), (Sat, Apr 13th) April 15, 2024On Friday, Palo Alto Networks released an advisory warning users of Palo Alto's Global Protect product of a vulnerability that has been exploited since March [1].
- ISC Stormcast For Sunday, April 14th, 2024 https://isc.sans.edu/podcastdetail/8938, (Sat, Apr 13th) April 13, 2024
Microsoft Security Feed
- Congratulations to the Top MSRC 2024 Q1 Security Researchers! April 17, 2024Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q1 Security Researcher Leaderboard are Yuki Chen, VictorV, and Nitesh Surana! Check out the full list of researchers recognized this […]
- Toward greater transparency: Adopting the CWE standard for Microsoft CVEs April 8, 2024At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide […]
- Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team April 2, 2024Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick’s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick’s love of learning and his natural curiosity led him to a career in technology […]
- Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard March 8, 2024This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight […]
- Faye’s Journey: From Security PM to Diversity Advocate at Microsoft February 29, 2024Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that deployed to desktops and handled operations for Office’s first few customers.
- Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope February 27, 2024Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.
- From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin February 26, 2024As a young boy, Devin found himself captivated by the adventures of Indiana Jones, the whip-wielding archaeologist from the VHS movies his grandfather showed him. The thrill of unearthing history and the allure of the unknown ignited a spark in Devin, leading him to dream of becoming an archaeologist. However, as he grew older and […]
- An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft February 20, 2024Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his
- New Security Advisory Tab Added to the Microsoft Security Update Guide February 15, 2024Today, we are adding a new Security Advisory tab to the Security Update Guide to meet our customers’ needs for a unified and authoritative source for the latest public information about Microsoft security updates and issues. We are continuously listening to feedback from users of the Security Update Guide. Our goal is to find new […]
- Congratulations to the Top MSRC 2023 Q4 Security Researchers! January 30, 2024Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboard are Yuki Chen, Wei, VictorV! Check out the full list of researchers recognized this quarter here.
Cyber Security Alerts
- CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations April 17, 2024 CISA
- CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat April 11, 2024 CISA
- CISA Announces Malware Next-Gen Analysis April 10, 2024 CISA
- CISA Publishes High-Risk Communities Webpage April 2, 2024 CISA
- April is Emergency Communications Month April 1, 2024 CISA
- CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking March 27, 2024 CISA
- CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience March 22, 2024 CISA
- CISA Publishes Repository for Software Attestation and Artifacts March 18, 2024 CISA
- CISA Announces New Efforts to Help Secure Open Source Ecosystem March 7, 2024 CISA
- CISA and Partners Coordinate on Security and Resilience for Super Tuesday March 4, 2024 CISA