- Citrix released a patch for the vulnerability last week along with an advisory that provided few details.
- On Wednesday researchers from security firm Mandiant said that the vulnerability has been under active exploitation since August possibly for espionage against professional services technology and government organizations.
- Mandiant warned that patching the vulnerability wasn t sufficient to lock down affected networks because any sessions hijacked before the security update would persist afterward.
- The company wrote Successful exploitation could result in the ability to hijack existing authenticated sessions therefore bypassing multi factor authentication or other strong authentication requirements.
- A threat actor could utilize this method to harvest additional credentials laterally pivot and gain access to additional resources within an environment.
2 with A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufac [+5020 chars]