Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. This is the third in a series of ‘must patch’ vulnerabilities in recent months for Citrix, and it comes on the heels of a public breach the company announced in March of 2019.
Citrix—one of the world’s largest networking and remote access technology companies—announced patches for a known vulnerability in March, more than one month after it was disclosed. Citrix is a $15BN company that more than 400,000 companies, including many of the Fortune 500, rely upon to keep their data safe and networks secure. In January this year, FireEye called out Citrix for belated vulnerability patching related to a malware exploit, so this latest news is an indication of continued problems.
At least one of these vulnerabilities appears to target IT administrators, whose logins can be exploited without authentication. According to experts, a hacker could then use this access to gain further control and access, execute a ransomware attack and shut down systems. This is the type of incident in which companies feel the real financial pain. In the work-from-home era and with the rise of ransomware more broadly, more corporate networks appear susceptible to such an attack.
Boards and C-suites have been happy with the productivity and cost efficiencies of such outsourcing, but this has come at the expense of weaker security for many companies. Post COVID‑19, companies are relying upon services provided by companies like Citrix to a much greater extent than before just to function.
As Cyberhedge highlighted previously, third-party cloud providers and managed service providers are now critical infrastructure for the world’s most valuable companies—as they go, so go their customers.