Tuesday, March 19, 2019
Citrix

Citrix Application Delivery Management (ADM) Agent Security Update

CTX247738 New
Applicable Products: Citrix Application Delivery Management
A vulnerability has been identified in Citrix Application Delivery Management Agent that could allow an unauthenticated attacker with network access to the management agent interface to obtain sensitive information. Disclosed information could be...
Citrix

Citrix XenServer Multiple Security Updates

CTX246572 New
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.5, XenServer 7.6
A number of security vulnerabilities have been identified in Citrix XenServer that, depending on configuration, may allow a malicious user of a PV...
Citrix

TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway

CTX240139 New
Applicable Products: NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1, NetScaler Gateway 10.5, NetScaler Gateway 11.0, NetScaler Gateway 11.1, NetScaler Gateway 12.0
A vulnerability has been identified in the Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and NetScaler Gateway platforms using hardware...
Citrix

Citrix XenServer Security Update

CTX239432 New
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6
A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts. These issues affect the following supported versions of Citrix XenServer: Citrix XenServer 7.6 Citrix XenServer...
Citrix

Citrix XenServer Security Update

CTX239100 New
Applicable Products: XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6
A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This issue affects the following versions...
Citrix

Cross-Site Scripting Vulnerability in Citrix NetScaler

CTX239002 New
Applicable Products: NetScaler 10.1, NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1
A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition. This vulnerability could potentially be used to execute malicious client-side script...
Citrix

Citrix ShareFile StorageZones Controller Multiple Security Updates

CTX238022 Updated
Applicable Products: ShareFile
Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system,...
Citrix

XenServer Multiple Security Updates

CTX236548 New
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.4, XenServer 7.5
Several security issues have been identified that impact XenServer. Customers should consider these issues and determine possible impact to their own systems. These updates provide a mitigation for recently...
Citrix

Citrix XenServer Multiple Security Updates

CTX235748 Updated
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4, XenServer 7.5
Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or...
Citrix

Citrix XenServer Security Update for CVE-2018-3665

CTX235745 New
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4, XenServer 7.5
An issue has been identified in certain CPUs that may allow code running in a guest VM to read data from another process in the same VM...
Citrix

Citrix XenServer Security Update for CVE-2018-3639

CTX235225 New
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4
CVE-2018-3639 Speculative Store Bypass Disable is an issue that may affect third-party software that runs in guest VMs on Citrix XenServer. This is not an issue caused by...
Citrix

Citrix XenMobile 10.x Multiple Security Updates

CTX234879 New
Applicable Products: XenMobile 10.7, XenMobile 10.8
A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8: CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in...
Citrix

Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise

CTX234869 Updated
Applicable Products: NetScaler Gateway 10.5, NetScaler Gateway 11.0, NetScaler Gateway 11.1, NetScaler Gateway 12.0
A flaw has been identified in the AppFirewall feature of Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway that could result in arbitrary code execution and...
Citrix

Citrix XenServer Multiple Security Updates

CTX231390 Updated
Applicable Products: XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.2, XenServer 7.3
Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001),...
Citrix

Citrix XenServer Multiple Security Updates

CTX234679 Updated
Applicable Products: XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1, XenServer 7.2, XenServer 7.3, XenServer 7.4
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming
Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.