Security researchers say hackers are mass-exploiting a critical-rated vulnerability in Citrix NetScaler systems to launch crippling cyberattacks against big-name organizations worldwide.
The flaw is described as a sensitive information disclosure vulnerability that allows remote unauthenticated attackers to extract large amounts of data from a vulnerable Citrix device's memory, including sensitive session tokens (hence the name "CitrixBleed.") The bug requires little effort or complexity to exploit, allowing hackers to hijack and use legitimate session tokens to compromise a victim's network without needing a password or using two-factor.
[
add
]
[
|
|
...
]