‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA
Both nation-state hackers and cybercriminal gangs are exploiting a vulnerability affecting Citrix products, federal cyber officials warned on Tuesday. The ‘Citrix Bleed’ bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks. Despite a security bulletin from Citrix in October rating the bug a 9.4 out of 10 on the CVSS severity scale, research tool ShadowServer shows that thousands of instances where the tool is used were still vulnerable to the issue as of November 2, with nearly 2,000 in North America alone.