News & Insights

A review of Shadowserver’s 20th year as the world’s largest provider of free, timely, actionable, daily cyber threat intelligence. Covering the latest improvements in our public benefit services, responses to emerging cyber threats, and detection and reporting of the latest vulnerabilities to National CSIRTs and system defenders globally. We provide highlights of our cybersecurity capacity building efforts, plus successful outcomes from our free support to Law Enforcement in major cybercrime disruption operations.

The Shadowserver Foundation and trusted partners have observed three different malicious campaigns that have exploited CVE-2023-3519, a code injection vulnerability rated CVSS 9.8 critical in Citrix NetScaler ADC and NetScaler Gateway. The summary below is based on collaboration with the individual compromised organizations, as well as their commercial incident response teams. All timestamps in this write-up are in UTC timezone, and they have all been slightly adjusted to not disclose the actual times. If you own a Citrix NetScaler or have those in your constituency, please follow the detection and hunting advice for signs of compromise and webshells!

We are happy to announce the addition of the support for multiple languages in our public Dashboard. Five different languages have been added: Arabic, Indonesian (Bahasa Indonesia), Malaysian (Bahasa Melayu), Filipino (Tagalog), Thai. This work was kindly supported by the UK Foreign, Commonwealth & Development Office (FCDO). If you are a National CSIRT or network owner who would like to see your own language added, please contact us to discuss helping to make that happen. Likewise, if you are a user with language/technical feedback on these translations, please do get in touch with suggestions and improvements.