CISA, FBI, and ACSC warn of LockBit 3.0 ransomware exploiting the critical "Citrix Bleed" vulnerability (CVE-2023-4966) in Citrix appliances. Businesses are urged to patch immediately, as attackers can bypass MFA and gain unauthorized access, posing serious cyber risks.
In a crucial cybersecurity collaboration, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD’s ACSC have issued a joint advisory about LockBit 3.0 ransomware exploiting the CVE-2023-4966 vulnerability, known as "Citrix Bleed." This vulnerability affects Citrix NetScaler ADC and Gateway appliances.
The advisory details TTPs and IOCs sourced from the FBI, ACSC, and Boeing. Boeing's experience with LockBit 3.0 exploiting CVE-2023-4966 for unauthorised access highlights the threat's seriousness. LockBit 3.0, known for its diverse attack methods, targets multiple critical infrastructure sectors. "Citrix Bleed" allows attackers to bypass passwords and MFA, facilitating unauthorised access and data compromise.
CISA and partnering organisations stress the urgency of applying the recommended mitigations, including isolating affected appliances and updating software via the Citrix Knowledge Center. The vulnerability, which enables hijacking legitimate user sessions, was identified in early 2023 and publicly disclosed by Citrix in October 2023. Due to its severity, CISA added it to the KEVs Catalog, emphasising its critical impact on various software versions.
This advisory's release is a significant wake-up call for businesses globally. It underscores the escalating sophistication of cyber threats, particularly ransomware like LockBit 3.0, which now exploit critical vulnerabilities to gain extensive access to corporate networks. The ability to bypass MFA, a cornerstone of modern cybersecurity defences, represents a new level of threat that requires immediate and proactive response. Businesses, especially those in critical infrastructure sectors, must prioritise patching vulnerabilities like CVE-2023-4966 and adopt a layered security approach. This incident highlights the ongoing arms race in cybersecurity, where businesses must constantly evolve their defences in response to increasingly advanced cyber threats.
ASIO’s $12.5 billion espionage warning is more than a tally of stolen secrets. It reveals a national digital crisis. With 24 major spy operations disrupted and identity systems exposed, Australia’s critical infrastructure and social services face a growing risk of collapse from unseen cyber threats.
Asia-Pacific faces escalating cyber threats: Qantas breach exposes 6M records, ransomware surges 57%, Japan doubles cybersecurity workforce by 2030. Singapore implements anti-scam laws, Indonesia establishes AI task force. Aviation sector under coordinated attack by Scattered Spider group.
Qantas has confirmed a cyberattack exposing data from six million customers. Cybersecurity experts link the breach to the Scattered Spider group, known for targeting critical infrastructure. The incident highlights rising threats across the global aviation sector.
Asia-Pacific faced over one-third of all cyberattacks in 2024, making it the world’s top target. From manufacturing breaches to talent shortages and rising ransomware, CNC investigates how a region of digital ambition became cybercrime’s global epicentre.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
