https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33376#M2430 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1676172747">@MJM</a>&nbsp;&nbsp; Here is an example of Australian Security Directorate taking action:</P><P>&nbsp;</P><P><A href="https://www.itnews.com.au/news/citrix-bug-forced-defence-to-pull-recruitment-database-offline-538955?eid=3&amp;edate=20200305&amp;utm_source=20200305_PM&amp;utm_medium=newsletter&amp;utm_campaign=daily_newsletter" target="_blank">https://www.itnews.com.au/news/citrix-bug-forced-defence-to-pull-recruitment-database-offline-538955?eid=3&amp;edate=20200305&amp;utm_source=20200305_PM&amp;utm_medium=newsletter&amp;utm_campaign=daily_newsletter</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Thu, 05 Mar 2020 03:06:20 GMT Caute_cautim 2020-03-05T03:06:20Z https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33341#M2423 <P>A recent Ransomware attack against a Luxembourg company resulted from a flaw in Citrix (surprise)</P><P>&nbsp;</P><P><A href="https://today.rtl.lu/news/luxembourg/a/1477807.html" target="_blank">https://today.rtl.lu/news/luxembourg/a/1477807.html</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 03 Mar 2020 20:18:23 GMT https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33341#M2423 dcontesti 2020-03-03T20:18:23Z https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33356#M2426 <P>This issue definitely falls back on the client and this particular issue comes back to Patch Management practices, and also the ability to detect the zero-day exposure through good Vulnerability Management.</P><P>&nbsp;</P><P>I have several enterprise clients here in Australia with Citrix NetScaler's that were vulnerable to the exact same issue, and fortunately all of them were able to implement the initial workaround that was issued in late December.</P><P>&nbsp;</P><P>One of my clients didn't patch until 7 January, which was just in time for malicious actors that were starting to exploit this vulnerability actively on or around 11 January.</P><P>&nbsp;</P><P>We're lucky in Australia that our government was tracking exposure to this issue, and they were contacting large organisations to warn them to check they had applied the patch too.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 04 Mar 2020 12:51:24 GMT https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33356#M2426 MJM 2020-03-04T12:51:24Z https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33374#M2429 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1676172747">@MJM</a>&nbsp;&nbsp; I agree, bad patch management is a major issue.&nbsp; But I think this also points out a major resilience issue for the organisation as well.&nbsp; They certainly need to review current current Hygiene practices, DR and BCP and some more investment from the board given the circumstances.</P><P>&nbsp;</P><P>I hope they did not simply fall back to cyber insurance to bale them out.</P><P>&nbsp;</P><P>I agree the Australian Government is very proactive, and I would say the New Zealand CERT was also doing a similar approach to minimise the impact.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Wed, 04 Mar 2020 23:25:49 GMT https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33374#M2429 Caute_cautim 2020-03-04T23:25:49Z https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33376#M2430 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1676172747">@MJM</a>&nbsp;&nbsp; Here is an example of Australian Security Directorate taking action:</P><P>&nbsp;</P><P><A href="https://www.itnews.com.au/news/citrix-bug-forced-defence-to-pull-recruitment-database-offline-538955?eid=3&amp;edate=20200305&amp;utm_source=20200305_PM&amp;utm_medium=newsletter&amp;utm_campaign=daily_newsletter" target="_blank">https://www.itnews.com.au/news/citrix-bug-forced-defence-to-pull-recruitment-database-offline-538955?eid=3&amp;edate=20200305&amp;utm_source=20200305_PM&amp;utm_medium=newsletter&amp;utm_campaign=daily_newsletter</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Thu, 05 Mar 2020 03:06:20 GMT https://community.isc2.org/t5/Tech-Talk/Whose-at-fault-CITRIX-or-the-Client/m-p/33376#M2430 Caute_cautim 2020-03-05T03:06:20Z