Rumors are circulating in the security community that the hackers got Citrix source code including for the Citrix Gateway VPN access server. Apparently it didn't take long for them to figure out how to access these systems. Customers are reporting intrusion attempts on their Gateway systems and Citrix is scrambling to create a fix. In the mean time people are saying that Citrix support is having to deal with alarmed and angry customers.
16 replies (most recent on top)
There are fresh vulnerabilities discovered in netscaler rumored to be circulating on the darkweb.
Haha perhaps Stan the fatty should focus less on winning fake awards and actually doing security
Liveleaks? The video sharing site?? I'm quite positive that if netscaler source code were making its way around the web, there'd be an awful lot of twitter and cybersec chatter about it. There is none. I'm gonna go ahead and call BS on this. Offer up some reputable links or sources or give up the #FAKENEWS
The source code was leaked online but the server that leaked it was taken down. Liveleaks has it periodically
Guess you missed this part “...all you have left is Citrix’s official statement that there was a breach some business documents MAY have been accessed.”
Stan already fessed up in his blog that the breach happened and that he’s been talking with the FBI. It’s not all on Resecurity.
those of us for here long enough remember when and why the "CSIO" was hired in the first place. This bad news is not a surprise to anyone.
@Y9Pmanq-1lbn That’s absolute garbage the article you linked to doesn’t say they have source code. They said it could be bad IF they got the source code.
More importantly, every article out there with sensational statements are citing Resecurity, who are being questioned and dismissed by real cyber security folks. They’ve tracked the company back to one guy who has a history of lying about inside info on past breaches.
He claimed to know who hacked target and blamed a 17 year old kid. Was later proven wrong and 5r ceo of the company had to walk it back. He was later fired.
Resecurity’s ceo has almost no history on LinkedIn and it looks like the majority of their website was only created in February.
If you remove all of the sensational claims made by resecurity because they’re completely unsourced and uncorroborated, all you have left is Citrix’s official statement that there was a breach some business documents MAY have been accessed.
Do your own homework and try to find ANY data out there that didn’t come from resecurity.
https://mobile.twitter.com/imdeaconblues/status/1105046806222782466
https://mobile.twitter.com/riskybusiness/status/1106324704522977280
There are dozens of articles about this breach. Too many to list. Just search “Citrix security breach”.
This article discusses the loss of source code for Citrix Gateway. People are constrained as to what they can say publicly given the seriousness of the situation.
https://www.forbes.com/sites/kateoflahertyuk/2019/03/10/citrix-data-breach-heres-what-to-do-next/#676516cb1476
Fake news
Not outside the realm of possibility to wonder if hackers jumped from corp to eng domains. We DO have an eng office in freaking china. Maybe they just got in that way.
Can anyone provide a single link to a reputable source with these claims or are you just completely full of it?
Citrix Gateway, formerly NetScaler Unified Gateway, now know as Pwned by Iran.
Citrix, all your NetScaler are belong to us!
Oops! A Citrix marketing flunky got triggered. It’s called Citrix Gateway and it’s a VPN server. Oh right the full name is formerly NetScaler Unified Gateway.
Total B.S.. And for God's sake get the product name right.