Citrix networking Hacked by Chinese State Hackers on Day Zero

Trending News

FTC Approves Non-Compete Ban

Final Rule Raises Salary Threshold to $58,656 for Employee Overtime Exemptions

EEOC Final Rule Implementing the Pregnant Workers Fairness Act

Trending in Telehealth: April 9 – April 15, 2024

Healthcare Preview for the Week of: April 22, 2024 [Podcast]

Pregnant Workers Fairness Act Final Regulations Released

It’s the Final Countdown – The Final PWFA Regs Are Here

Corporate Transparency Act – Continued Developments

Healthcare Preview for the Week of: April 15, 2024 [Podcast]

SCOTUS Declines to Review New York City’s Rent Stabilization Law

Linn F. Freedman

Email

401-709-3353

Bio and Articles

Chinese State Hackers Exploit Zero-Day Vulnerabilities in Citrix Networking Equipment

by: Linn F. Freedman of Robinson & Cole LLP - Data Privacy + Security Insider

Thursday, December 22, 2022

Print Mail Download

i

According to the National Security Agency, actors backed by the Chinese government are actively targeting a zero-day vulnerability in two commonly-used Citrix networking devices.

The exploit (CVE-2022-27518) affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool. Both devices are standard in mid-to-large enterprise networks. Analysts at the National Institute for Standards and Technology (NIST) categorize the exploit as ”critical,” the highest risk level, for its broad potential impact and ease of execution.

Citrix pushed out an emergency patch for the vulnerability last week and is urging customers using affected builds of Citrix ADC and Citrix Gateway to install the updates immediately. Compliance Officers and Chief Information Security Officers may wish to consider heeding this warning and apply the firmware patch to affected devices ASAP, outside of regular update cycles if necessary.

Blair Robinson (non-lawyer intern) also contributed to this article.

Current Legal Analysis

Shanghai to Subsidize Construction of Standard Essential Patent Pools

by: Aaron Wininger

CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy

by: Hunton Andrews Kurth’s Privacy and Cybersecurity

Is This the End of Noncompete Agreements in the United States?

by: Peter A. Lauricella , Kadeem Wolliaston

The New Jersey Mini-WARN Act Amendments—One Year Later

by: Mark Diana , Brandon R. Sher

IS TCR NEXT TO FACE BAN?: With Tik Tok Facing Ban Unless it Sells to American Company is The Campaign Registry Next on the List?

by: Eric J. Troutman

More from Robinson & Cole LLP

The Department of Education Releases Significant Revisions to Title IX Regulations

by: Kathleen E. Dion , Seth B. Orkand

Privacy Tip #394 – Colorado Amends Privacy Law to Include Neurodata

by: Linn F. Freedman

New Threat: Scattered Spider International Coalition of Hackers

by: Linn F. Freedman

Joint Guidance Published by Five Eyes on Deploying AI Systems Securely

by: Linn F. Freedman

U.S. Government Intervenes in Case Alleging Unauthorized Disclosure of CUI

by: Data Privacy & Cybersecurity Robinson Cole

DoorDash Settles with California Attorney General for Alleged Violations of the CCPA

by: Kathryn M. Rattigan

The State of AI Governance and Diversity: Takeaways from the AI Index Report

by: Blair V. Robinson

Weight Loss, Miracle Medications & the Workplace

by: Abby M. Warren

Additional States Implement Notice Requirements for Healthcare Transactions

by: Leslie J. Levinson , Danielle H. Tangorre

Privacy Tip #393 – Phishing, Smishing, Vishing and Qrishing Schemes Continue to Dupe Users

by: Linn F. Freedman

Upcoming Legal Education Events

Jun

4

2024

FinTech and Securities Trading Platforms

May

17

2024

Upon Further Review: A Look Back at the Last Year in the Third, Fourth, and D.C. Circuits

May

15

2024

Capital Connect: Finance & Funding in Life Sciences

May

14

2024

Harmonizing TSCA Consent Orders with OSHA HCS 2012

Print