Citrix Blogs
- XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 April 11, 2024CTX633151 NewXenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142Applicable Products : Citrix HypervisorXenServer
- Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575 March 12, 2024CTX616982 NewCitrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575Applicable Products : Citrix HypervisorXenServer
- Citrix SDWAN Security Bulletin for CVE-2024-2049 March 12, 2024CTX617071 NewCitrix SDWAN Security Bulletin for CVE-2024-2049Applicable Products : Citrix SD-WAN
- Citrix Hypervisor Security Bulletin for CVE-2023-46838 January 23, 2024CTX587605 NewCitrix Hypervisor Security Bulletin for CVE-2023-46838Applicable Products : Citrix HypervisorXenServer
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 January 19, 2024CTX584986 NewNetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549Applicable Products : NetScalerNetScaler Gateway
- Citrix StoreFront Security Bulletin for CVE-2023-5914 January 16, 2024CTX583759 NewCitrix StoreFront Security Bulletin for CVE-2023-5914Applicable Products : StoreFront
- Citrix Session Recording Security Bulletin for CVE-2023-6184 January 16, 2024CTX583930 NewCitrix Session Recording Security Bulletin for CVE-2023-6184Applicable Products : Citrix Virtual Apps and Desktops
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967 November 27, 2023CTX579459 NewNetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967Applicable Products : NetScalerNetScaler Gateway
- Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 November 15, 2023CTX583037 NewCitrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835Applicable Products : Citrix HypervisorXenServer
- Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products October 13, 2023CTX581768 NewImpact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products
Sans News Feed
- ISC Stormcast For Friday, April 26th, 2024 https://isc.sans.edu/podcastdetail/8956, (Fri, Apr 26th) April 26, 2024
- ISC Stormcast For Thursday, April 25th, 2024 https://isc.sans.edu/podcastdetail/8954, (Thu, Apr 25th) April 25, 2024
- Does it matter if iptables isn't running on my honeypot?, (Thu, Apr 25th) April 25, 2024I've been working on comparing data from different DShield [1] honeypots to understand differences when the honeypots reside on different networks. One point of comparison is malware submitted to the honeypots. During a review of the summarized data, I noticed that one honeypot was an outlier in terms of malware captured.
- ISC Stormcast For Wednesday, April 24th, 2024 https://isc.sans.edu/podcastdetail/8952, (Wed, Apr 24th) April 24, 2024
- API Rug Pull - The NIST NVD Database and API (Part 4 of 3), (Wed, Apr 24th) April 24, 2024A while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021:
- Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd) April 23, 2024Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console […]
- ISC Stormcast For Tuesday, April 23rd, 2024 https://isc.sans.edu/podcastdetail/8950, (Tue, Apr 23rd) April 23, 2024
- It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd) April 22, 2024It has been nearly three years since we last looked at the number of industrial devices (or, rather, devices that communicate with common OT protocols, such as Modbus/TCP, BACnet, etc.) that are accessible from the internet[1]. Back in May of 2021, I wrote a slightly optimistic diary mentioning that there were probably somewhere between 74.2 […]
- ISC Stormcast For Monday, April 22nd, 2024 https://isc.sans.edu/podcastdetail/8948, (Mon, Apr 22nd) April 22, 2024
- The CVE's They are A-Changing!, (Wed, Apr 17th) April 19, 2024The downloadable format of CVE's from Miter will be changing in June 2024, so if you are using CVE downloads to populate your scanner, SIEM or to feed a SOC process, now would be a good time to look at that. If you are a vendor and use these downloads to populate your own feeds […]
Microsoft Security Feed
- Congratulations to the Top MSRC 2024 Q1 Security Researchers! April 17, 2024Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q1 Security Researcher Leaderboard are Yuki Chen, VictorV, and Nitesh Surana! Check out the full list of researchers recognized this […]
- Toward greater transparency: Adopting the CWE standard for Microsoft CVEs April 8, 2024At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide […]
- Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team April 2, 2024Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick’s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick’s love of learning and his natural curiosity led him to a career in technology […]
- Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard March 8, 2024This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight […]
- Faye’s Journey: From Security PM to Diversity Advocate at Microsoft February 29, 2024Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that deployed to desktops and handled operations for Office’s first few customers.
- Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope February 27, 2024Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.
- From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin February 26, 2024As a young boy, Devin found himself captivated by the adventures of Indiana Jones, the whip-wielding archaeologist from the VHS movies his grandfather showed him. The thrill of unearthing history and the allure of the unknown ignited a spark in Devin, leading him to dream of becoming an archaeologist. However, as he grew older and […]
- An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft February 20, 2024Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his
- New Security Advisory Tab Added to the Microsoft Security Update Guide February 15, 2024Today, we are adding a new Security Advisory tab to the Security Update Guide to meet our customers’ needs for a unified and authoritative source for the latest public information about Microsoft security updates and issues. We are continuously listening to feedback from users of the Security Update Guide. Our goal is to find new […]
- Congratulations to the Top MSRC 2023 Q4 Security Researchers! January 30, 2024Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboard are Yuki Chen, Wei, VictorV! Check out the full list of researchers recognized this quarter here.
Cyber Security Alerts
- CISA Releases Physical Security Checklist to Help Election Officials Secure Polling Locations April 22, 2024 CISA
- CISA Announces Winners of the 5th Annual President’s Cup Cybersecurity Competition April 19, 2024 CISA
- CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations April 17, 2024 CISA
- CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat April 11, 2024 CISA
- CISA Announces Malware Next-Gen Analysis April 10, 2024 CISA
- CISA Publishes High-Risk Communities Webpage April 2, 2024 CISA
- April is Emergency Communications Month April 1, 2024 CISA
- CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking March 27, 2024 CISA
- CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience March 22, 2024 CISA
- CISA Publishes Repository for Software Attestation and Artifacts March 18, 2024 CISA