Vulnerability in Citrix Application Delivery Controller and Citrix Gateway

As many of you have heard by now, a major vulnerability in the Citrix NetScaler platform was announced before the holidays. At that time, the vulnerability was not widely known or, for that matter, understood. Since then, we have seen bad actors using several tools to bypass corporate security mechanisms. From what we’ve seen at Critical Path Security, this breach has the potential to affect every Citrix customer with a Citrix NetScaler gateway deployed. The fact that Citrix has been very quiet on this vulnerability, considering they were hacked last year and suffered a significant data breach, is very disconcerting to say the least. Even at this moment, we have not heard how this breach at Citrix occurred or if it is somehow related to the NetScaler gateway vulnerability. The vulnerability is a path traversal bug that can be easily exploited over the internet by an attacker. The attacker…


Are Your Digital Presses and Print Servers a Security Risk for Cybercrime?

Printing Impressions published a recent article in which Patrick Kelley was quoted. Kelley states, “A significant problem with IoT devices, like printers, is that customers are not educated on security risks. Companies and consumers need to understand the risks they are accepting with IoT devices and to ensure that their third-party vendors are advocates for what's best for them. Choose your vendors carefully, making sure that they are trustworthy and that you are the priority.” Read the article  


Safety First This Holiday Season!

Holidays are fast approaching, which means online shopping and scams are going to be on the rise. Here are a few ways to stay as safe as possible.

1. Know the red flags. The most common types of scams will target you through fake emails (a technique known as phishing), text messages (SMSishing or smishing), voice calls (vishing), letters or even someone who shows up at your front door unexpectedly. No matter which technique the criminal uses, these are the common things they try:

- Pressure you to send money
- Threaten you with law enforcement action
- Tell you to purchase gift cards and provide codes as a form of payment
- Ask you to cash a check for them or send money via wire transfer
- Ask you to deposit a check that overpays for something you're selling, and then send the difference elsewhere

2. Don’t provide account or personal information via email…


Critical Path Security guidelines for defending against the increasingly common SIM swap attack.

So what is a SIM swap attack? A SIM swap attack is when a criminal tricks a customer service representative at a cellular service provider into reassigning the victim’s phone number to a phone that the criminal has. After they successfully get the SIM swapped to their phone, they are able to receive the text messages used as a second form of verification to reset passwords for many online services and apps. Then they can log in to your bank accounts, email and social media.

Who should be concerned? Everyone. Recently, Jack Dorsey, the CEO of Twitter, was a victim, so it can happen to anyone!

What can I do to protect myself? The first thing you should do is contact your service provider and add a PIN to your account; this is to prevent a criminal from masquerading as you and changing devices or even who can access your account. …
