Citrix Blogs
- Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488 May 9, 2023CTX477714 NewCitrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488Applicable Products : Citrix ADCCitrix Gateway
- Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486 February 28, 2023CTX477618 NewCitrix Workspace app for Linux Security Bulletin for CVE-2023-24486Applicable Products : Citrix Workspace App
- Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483 February 14, 2023CTX477616 NewCitrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483Applicable Products : Citrix Virtual Apps and Desktops
- Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485 February 14, 2023CTX477617 UpdatedCitrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485Applicable Products : Citrix Workspace App
- Citrix Hypervisor Security Bulletin for CVE-2022-3643, CVE-2022-42328 & CVE-2022-42329 December 19, 2022CTX473048 NewCitrix Hypervisor Security Bulletin for CVE-2022-3643, CVE-2022-42328 & CVE-2022-42329Applicable Products : Citrix Hypervisor
- Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 December 13, 2022CTX474995 NewCitrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518Applicable Products : Citrix ADCCitrix Gateway
- Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 November 11, 2022CTX463706 NewCitrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516Applicable Products : Citrix ADCCitrix Gateway
- Citrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318 November 1, 2022CTX472851 NewCitrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318Applicable Products : Citrix Hypervisor
- Citrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749 October 11, 2022CTX465146 NewCitrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749Applicable Products : Citrix Hypervisor
- Citrix Hypervisor Security Bulletin for CVE-2020-35498 September 13, 2022CTX463901 NewCitrix Hypervisor Security Bulletin for CVE-2020-35498Applicable Products : Citrix Hypervisor
Sans News Feed
- ISC Stormcast For Friday, June 2nd, 2023 https://isc.sans.edu/podcastdetail/8522, (Fri, Jun 2nd) June 2, 2023
- After 28 years, SSLv2 is still not gone from the internet... but we're getting there, (Thu, Jun 1st) June 1, 2023Although the SSL/TLS suite of protocols has been instrumental in making secure communication over computer networks into the (relatively) straightforward affair it is today, the beginnings of these protocols were far from ideal.
- ISC Stormcast For Thursday, June 1st, 2023 https://isc.sans.edu/podcastdetail/8520, (Thu, Jun 1st) June 1, 2023
- Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi, (Tue, May 30th) May 31, 2023Apache NiFi describes itself as “an easy-to-use, powerful, and reliable system to process and distribute data.” [1] In simple terms, NiFi implements a web-based interface to define how data is moved from a source to a destination. Users may define various “processors” to manipulate data along the way. This is often needed when processing business […]
- ISC Stormcast For Wednesday, May 31st, 2023 https://isc.sans.edu/podcastdetail/8518, (Wed, May 31st) May 31, 2023
- ISC Stormcast For Tuesday, May 30th, 2023 https://isc.sans.edu/podcastdetail/8516, (Tue, May 30th) May 30, 2023
- Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT, (Tue, May 30th) May 30, 2023Introduction
- Analyzing Office Documents Embedded Inside PPT (PowerPoint) Files, (Mon, May 29th) May 29, 2023I was asked how to analyze Office Documents that are embedded inside PPT files. PPT is the "standard" binary format for PowerPoint, it's an olefile. You can analyze it with oledump.py:
- Wireshark 4.0.6 Released, (Mon, May 29th) May 29, 2023Wireshark version 4.0.6 was released with 9 vulnerabilities and 15 bugs fixed.
- We Can no Longer Ignore the Cost of Cybersecurity, (Sun, May 28th) May 28, 2023I read recently that disregarding cyber risks is a way of inviting trouble and unnecessary attention to any organization. Cyber threats is nothing new, everyone is a target taking many forms whether it is by some form of scanning or targeted phishing. For example, Sophos describes the naughty nine which are all some form of […]
Microsoft Security Feed
- Announcing The BlueHat Podcast: Listen and Subscribe Now! May 17, 2023Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate […]
- CVE-2023-24932 に関連するセキュア ブート マネージャーの変更に関するガイダンス May 9, 2023本ブログは、Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 の抄訳版です。最新の情報は原文を参照してください。 概要
- Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 May 9, 2023Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware […]
- 2023 年 5 月のセキュリティ更新プログラム (月例) May 9, 20232023 年 5 月 9 日 (米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
- マイクロソフトのオンラインサービスにおける、脆弱性の深刻度分類の公開 April 18, 2023本ブログは、Microsoft Vulnerability Severity Classification for Online Services Publication の抄訳版です。最新の情報は原文を参照してください。 マイク
- Microsoft Vulnerability Severity Classification for Online Services Publication April 18, 2023The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.
- Congratulations to the Top MSRC 2023 Q1 Security Researchers! April 13, 2023Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of […]
- Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access April 11, 2023Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and […]
- Azure Storage Keys、Azure Functions、Azure Role Based Access に関するベスト プラクティス April 11, 2023本ブログは、Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access の抄訳版です。最新の情報は原文を参照してください。 概要 概
- 2023 年 4 月のセキュリティ更新プログラム (月例) April 11, 20232023 年 4 月 11 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
Cyber Security Alerts
- U.S. and International Partners Release Advisory Warning of PRC State-Sponsored Cyber Activity May 24, 2023CISA, NSA, and the FBI along with the ACSC, CCCS, and the NCSC-UK are publishing a Joint Cybersecurity Advisory today that shares technical details regarding malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor.CISA
- CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide May 23, 2023CISA, FBI, NSA, MS-ISAC today published the #StopRansomware Guide—an updated version of the 2020 guide containing additional recommended actions, resources, and tools.CISA
- CISA and ONCD Award Champions of the Fourth Annual President’s Cup Cybersecurity Competition May 18, 2023The Cybersecurity and Infrastructure Security Agency (CISA) and Office of the National Cyber Director (ONCD) awarded the winners of the fourth annual President’s Cup Cybersecurity Competition in a private ceremony at the White House on Monday, May 15.CISA
- CISA and Secret Service Release Toolkit for K-12 Schools to Strengthen School Safety Reporting Programs May 16, 2023The CISA-USSS K-12 Bystander Reporting Toolkit provides strategies K-12 schools and districts can use to implement and enhance safety reporting programs and encourage bystander reporting among students and other members of the school community.CISA
- Public-Private Partners Huddle to Tackle Security at the 88th Annual NFL Draft May 4, 2023Local officials, federal agencies, and military engineers went the whole nine yards in partnering with the National Football League (NFL) to enhance security for the 88th annual draft.CISA
- CISA, Cyber National Mission Force Leaders Share How They Partner: First-Ever Ops Revealed to Industry April 25, 2023In line with the theme for this year’s RSA Conference, Stronger Together, Eric Goldstein and Army Maj. Gen. William J. Hartman delivered a presentation on the importance of partnership in defending America’s critical infrastructure while holding malicious cyber actors accountableCISA
- CISA Announces Plans to Establish Logging Made Easy Service April 20, 2023CISA announces plans to develop and establish Logging Made Easy (LME) tool, a service originally developed and maintained by the United Kingdom’s National Cyber Security Centre (NCSC-UK) until March 31, 2023.CISA
- U.S., U.K., Australia, Canada and New Zealand Release Cybersecurity Best Practices for Smart Cities April 19, 2023 CISA
- Kiersten Todt Departing CISA as Chief of Staff and Kathryn Coulter Mitchell to Become New Chief of Staff April 18, 2023CISA announced today that Kiersten Todt will be departing from her role as CISA Chief of Staff to return to the private sector, while continuing to work with Director Easterly and the agency in a senior advisory capacity.CISA
- U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches April 13, 2023Press Release on joint product that outlines clear steps technology providers can take to increase the safety of products used around the world.CISA