Citrix Blogs
- ShareFile StorageZones Controller Security Update for CVE-2023-24489, August 17, 2023. CTX559517, New. Applicable Products: Citrix Content Collaboration, ShareFile
- Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982, August 8, 2023. CTX569353, New. Applicable Products: Citrix Hypervisor, XenServer
- Citrix Hypervisor Security Update for CVE-2023-20593, August 3, 2023. CTX566835, New. Applicable Products: Citrix Hypervisor, XenServer
- Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467, July 18, 2023. CTX561482, New. Applicable Products: Citrix ADC, Citrix Gateway
- Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492, July 11, 2023. CTX564169, New. Applicable Products: Citrix ADC, Citrix Gateway
- Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491, July 11, 2023. CTX561480, Updated. Applicable Products: Citrix ADC, Citrix Gateway
- Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490, June 14, 2023. CTX559370, New. Applicable Products: Citrix Virtual Apps and Desktops
- Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488, May 9, 2023. CTX477714, New. Applicable Products: Citrix ADC, Citrix Gateway
- Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486, February 28, 2023. CTX477618, New. Applicable Products: Citrix Workspace App
- Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483, February 14, 2023. CTX477616, New. Applicable Products: Citrix Virtual Apps and Desktops
SANS News Feed
- Are Local LLMs Useful in Incident Response?, (Tue, Oct 3rd) October 3, 2023
- ISC Stormcast For Tuesday, October 3rd, 2023 https://isc.sans.edu/podcastdetail/8684, (Tue, Oct 3rd) October 3, 2023
- ISC Stormcast For Monday, October 2nd, 2023 https://isc.sans.edu/podcastdetail/8682, (Mon, Oct 2nd) October 2, 2023
- Friendly Reminder: ZIP Metadata is Not Encrypted, (Mon, Oct 2nd) October 2, 2023: ZIP archives store compressed files including their metadata (filesize, date/time, ...). When a contained file is password protected, the compressed data is encrypted, but the metadata is not.
- Analyzing MIME Files: a Quick Tip, (Sun, Oct 1st) October 1, 2023: In my blog post "Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs" I explain how to search through MIME files with my tool emldump.py to find suspicious/malicious content:
- Simple Netcat Backdoor in Python Script, (Sat, Sep 30th) September 30, 2023: Why reinvent the wheel? We are all lazy and, if we have a tool that offers some interesting capabilities, why not use it? I spotted a simple malicious Python script targeting Windows hosts. The file (SHA256:d706d94981bc53ab1458519f224b9602152325fc2a18f3df9d9da8f562b99044) is flagged by 16 antivirus products on VirusTotal[1]. Nothing very exciting with the script, it's a bot that uses a […]
- Are You Still Storing Passwords In Plain Text Files?, (Fri, Sep 29th) September 29, 2023: "Infostealer" malware have been in the wild for a long time now. Once the computer's victim is infected, the goal is to steal "juicy" information like passwords, cookies, screenshots, keystrokes, and more. Yesterday, I spotted an interesting sample. It's delivered through an FTP connection. The file (SHA256:2bf9a44bd546e0fd1448521669136220dc49146b0f3a5cd7863698ac79b5e778) is unknown on VirusTotal.
- ISC Stormcast For Friday, September 29th, 2023 https://isc.sans.edu/podcastdetail/8680, (Fri, Sep 29th) September 29, 2023
- IPv4 Addresses in Little Endian Decimal Format, (Thu, Sep 28th) September 28, 2023: If you look at the XML EventData of Windows events like 1002 (DHCP error), you will see something like this:
- ISC Stormcast For Thursday, September 28th, 2023 https://isc.sans.edu/podcastdetail/8678, (Thu, Sep 28th) September 28, 2023
Microsoft Security Feed
- Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217, October 2, 2023: Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: CVE-2023-4863: Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, Webp Image Extensions (Released […]
- Journey Down Under: How Rocco Became Australia’s Premier Hacker, September 25, 2023: Fun facts about Rocco Calvi (@TecR0c): Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher. Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself challenges and pushing his limits.
- Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token, September 18, 2023: Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for […]
- Results of Major Technical Investigations for Storm-0558 Key Acquisition, September 6, 2023: On July 11, 2023, Microsoft published a blog post which details how the China-Based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the […]
- Azure Serial Console Attack and Defense - Part 1, August 10, 2023: Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting […]
- Updating our Vulnerability Severity Classification for AI Systems, August 8, 2023: The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.
- Congratulations to the MSRC 2023 Most Valuable Security Researchers!, August 8, 2023: The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.
- Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards, August 7, 2023: We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.
- Microsoft mitigates Power Platform Custom Code information disclosure vulnerability, August 4, 2023: Summary: On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all customers and no customer remediation action is required.
- BlueHat October 2023 Call for Papers is Now Open!, July 27, 2023: As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers and responders from both inside and […]
Cyber Security Alerts
- CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression September 29, 2023 CISA
- CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World September 28, 2023: For the 20th anniversary of Cybersecurity Awareness Month, CISA is highlighting different ways individuals and organizations can improve their cybersecurity habits to Secure Our World. CISA
- CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity September 27, 2023 CISA
- CISA and FEMA Open the Application Process for the Tribal Cybersecurity Grant Program September 27, 2023 CISA
- CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online September 26, 2023 CISA
- CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM) September 25, 2023 CISA
- CISA, NFL, and Local Partners Conduct Cybersecurity Exercise in Preparation for Super Bowl LVIII September 20, 2023 CISA
- CISA Sponsors Hack the Building 2.0 Hospital Competition September 18, 2023 CISA
- Readout from CISA’s 2023 Third Quarter Cybersecurity Advisory Committee Meeting September 13, 2023 CISA
- CISA Announces Open Source Software Security Roadmap September 12, 2023 CISA