The Secureworks® Threat Intelligence Executive Report (Volume 2024, Number 1) discusses the critical Citrix NetScaler vulnerability known as "Citrix Bleed" (CVE-2023-4966), which was actively exploited by LockBit ransomware affiliates as of early November 2023. This vulnerability affects Citrix NetScaler ADC and Gateway appliances and allows attackers to steal session tokens by exploiting a buffer overflow flaw, bypassing multi-factor authentication, and hijacking user sessions. Despite notification and available patches, widespread exploitation by threat actors highlights the ongoing risk posed by high-profile vulnerabilities like Citrix Bleed, reinforcing the need for rapid response and incident awareness in organizations.

Join for free to read