CISA pushes federal agencies to patch Citrix RCE within a week

Today, CISA ordered US federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week.

The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are frequent attack vectors for malicious cyber actors that pose significant risks to the federal enterprise.

Citrix urged customers on Tuesday to immediately patch Internet-exposed Netscaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the Netscaler management interface that could be exploited for remote code execution and denial-of-service attacks, respectively.

Those who can't immediately install the security updates can block network traffic to affected instances and ensure they're not accessible online as a temporary workaround. According to the Shadowserver threat monitoring platform, more than 51,000 Netscaler appliances are exposed online right now, with only 1,500 having their management interfaces accessible over the Internet.

CISA also added the CVE-2024-0519 out-of-bounds memory access in the Chromium V8 JavaScript engine to its KEV list today. This is the first Chrome zero-day exploited in the wild patched by Google this year.

After their inclusion in CISA's KEV list, US Federal Civilian Executive Branch Agencies (FCEB) must patch vulnerable devices on their networks within a specific timetable, as mandated by a binding operational directive (BOD 22-01) issued three years ago.

Out of the three now-patched zero-days, the cybersecurity agency wants the CVE-2023-6548 vulnerability impacting NetScaler ADC and Gateway management interfaces to be patched within a week, by next Wednesday, January 24.

The other two, the CVE-2023-6549 NetScaler buffer overflow and the CVE-2024-0519 Google Chrome bug, must be mitigated within three weeks, by February 7.

Although CISA did not explain the expedited CVE-2023-6548 patch process, Citrix's warning that customers should secure vulnerable appliances as soon as possible and the bug's management interface impact likely played a significant role.

Even though BOD 22-01 applies only to US federal agencies, CISA urged all organizations, including private companies, to prioritize patching these security flaws as soon as possible.

Copyright 2003-2024 Bleeping Computer LLC. All Rights Reserved.