Lmst

“Two #Brisbane #entrepreneurs whose start-up helps major companies find weaknesses in their #cybersecurity have sold out to a British private equity-backed firm for more than $100 million.

Michael #Gianarakis and Shubham #Shah, who describe themselves as #EthicalHackers, founded #Assetnote in 2018. They have since signed Atlassian, Qantas and Canva as clients, and have been profitable since they started.”

#Australia / #Hackers <https://afr.com/technology/brisbane-ethical-hackers-bank-100m-payday-from-uk-buyer-20250130-p5l8ej>

"🚨 #CitrixBleed Exploit Unleashed! Hackers Hijack NetScaler Accounts 🚨"

A new proof-of-concept (PoC) exploit for the 'Citrix Bleed' vulnerability (CVE-2023-4966) has emerged, enabling attackers to snatch authentication session cookies from susceptible Citrix NetScaler ADC and NetScaler Gateway appliances. This critical-severity flaw, which Citrix addressed on October 10, was exploited as a zero-day in limited attacks since late August 2023. Assetnote researchers have now shared an in-depth analysis of the exploitation method and even released a PoC exploit on GitHub. The vulnerability stems from an unauthenticated buffer-related issue, which, when exploited, can lead to buffer over-reads. By leveraging this flaw, attackers can retrieve session cookies, granting them unrestricted access to vulnerable devices. Given the public availability of this exploit, there's an anticipated surge in attacks targeting Citrix Netscaler devices. System admins are strongly urged to apply patches immediately.

Source: BleepingComputer

Tags: #Cybersecurity #Citrix #NetScaler #CVE2023 #Exploit #PoC #Assetnote #Vulnerability #InfoSec