At a glance.
- CISA requires US Federal agencies to patch Citrix NetScaler flaw within a week.
- VF ransomware attack affected data belonging to 35 million customers.
- UK councils disrupted by cyberattacks.
- Kansas State University sustains cyberattack.
CISA requires US Federal agencies to patch Citrix NetScaler flaw within a week.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal agencies to patch a Citrix NetScaler vulnerability (CVE-2023-6548) by next Wednesday (January 24th), The Record reports. The flaw involves "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway [that] allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface."
A second vulnerability affecting NetScaler ADC and NetScaler Gateway (CVE-2023-6549) must be patched by US Federal agencies by February 7th.