Hackers successfully breached the technology unit of UnitedHealth, a US health insurer, on February 12th. The attackers exploited a security flaw in the software of Citrix, a private IT company that provides remote access to desktop computers for employees. This information was revealed during a testimony that UnitedHealth will give before a House panel this … Read more
The CEO of UnitedHealth is scheduled to testify this week regarding a cyberattack that caused significant disruptions. The attack has raised concerns about the company’s cybersecurity measures and the potential implications for their customers. The CEO will have to provide an explanation of what happened during the attack and what steps are being taken to … Read more
Hackers were able to breach Change Healthcare’s IT systems by exploiting a vulnerability in a Citrix remote desktop access product, as stated by Andrew Witty, CEO of UnitedHealth, the parent company of Change Healthcare. This information will be discussed during Witty’s testimony before the House Energy and Commerce Committee later this week, as reported by … Read more
UnitedHealth Group CEO Andrew Witty is set to testify before the United States House of Representatives Subcommittee about a cyberattack on Change Healthcare in February. The attack utilized Citrix remote access software, according to Witty’s written testimony. Following the attack, UnitedHealth immediately severed connectivity with Change Healthcare’s data centers to prevent further infection. The hackers … Read more
A security vulnerability has been identified in Citrix NetScaler ADC and Gateway appliances, allowing remote attackers to access sensitive data without authentication. This flaw, known as an out-of-bounds memory read issue, affects software versions up to 13.1-50.23 and has been compared to the previously known CitrixBleed vulnerability, though it is considered less serious in terms … Read more
Citrix Bleed has been identified as a critical information disclosure vulnerability with a CVSS score of 9.4/10. This vulnerability affects the NetScaler ADC and Gateway appliances when configured as a Gateway or AAA virtual server. Unlike CVE-2023-4966, Citrix Bleed does not expose highly sensitive data to attackers. Although Citrix has not assigned a CVE ID … Read more
Citrix has recently identified a critical vulnerability (CVE-2024-31497) in certain versions of its Citrix Hypervisor virtualization platform. This vulnerability is associated with the use of a vulnerable version of the PuTTY SSH client in XenCenter, the management console for Citrix Hypervisor. The affected versions of XenCenter, specifically those prior to 8.2.6 in the Citrix Hypervisor … Read more
Citrix recently informed its customers about a vulnerability in the PuTTY SSH client that could potentially allow attackers to access a XenCenter administrator’s private SSH key. XenCenter is a tool used to manage Citrix Hypervisor environments from a Windows desktop, facilitating tasks such as deploying and monitoring virtual machines. The security flaw, known as CVE-2024-31497, … Read more
This week, two bugs in Citrix technology have caught the attention of the Cybersecurity and Infrastructure Security Agency (CISA). One of the vulnerabilities, labeled CVE-2023-6548, must be patched by federal agencies by January 24, while the other bug, labeled CVE-2023-6549, must be fixed by February 7. This quick fix timeline is unusual for CISA, but … Read more
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. Critical vulnerabilities have been discovered across multiple systems, including Microsoft Exchange Servers, the Bricks Builder Theme for WordPress, VMware, ScreenConnect, Joomla, and Apple Shortcuts. Urgent patching and prompt updates can protect systems … Read more