We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw

About two weeks ago alarm bells rang over a newly-discovered (and unpatched) flaw in Citrix servers. The vulnerability, technically dubbed CVE-2019-19781 but also known as “Shitrix”, was found to be present on Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) commonly used on corporate networks.


Then we discovered hackers were, seemingly altruistically, inoculating vulnerable servers against further Shitrix attacks, while at the same time opening a secret backdoor to allow future cybercriminal campaigns.


Things really took a bizarre twist when the Dutch press reported the threat of more traffic jams as government employees in The Netherlands were forced by the vulnerability to travel to work rather than log in remotely.


And now? Now, with sad predictability, we’re getting the first reports of ransomware being planted by hackers exploiting the Shitrix flaw.



I examined the files #REvil posted from https://t.co/3wfGoNUqp4 after they refused to pay the #ransomware.


the interesting thing I discovered is that they obviously hacked Gedia via the