Citrix has disclosed that vulnerable NetScaler Application Delivery Controller and Gateway instances have been targeted in ongoing attacks leveraging a critical remote code execution flaw tracked as CVE-2023-3519, The Hacker News reports.
Threat actors could successfully exploit the vulnerability, which impacts various NetScaler ADC and NetScaler Gateway appliances, provided that the targeted devices are configured as either a Gateway or an authorization and accounting virtual server, according to Citrix. The company has already released updates to address the vulnerability along with an improper input validation bug, tracked as CVE-2023-3466, and an improper privilege management flaw, tracked as CVE-2023-3467. However, organizations using NetScaler ADC and NetScaler Gateway version 12.1, which has reached end-of-life, were urged to upgrade to newer versions of the appliance software.
Such attacks have prompted the inclusion of CVE-2023-3519 in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies ordered to remediate the flaw by Aug. 9.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.