Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Citrix Bleed. Show all posts
Internet
Citrix Bleed Cloud Cyber Security Data Leak Email FEMA Internet

Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies


An incident at the Federal Emergency Management Agency allowed threat actors to steal employee data from the US Customs and Border Protection and the disaster management office. The breach has allegedly triggered the removal of dozens of Federal Emergency Management Agency technology employees.

Citrix bug leads to breach

The incident occurred on June 22, when threat actors infiltrated Citrix virtual desktop infrastructure inside FEMA via stolen login details. The data was stolen from Region 6 servers, according to NextGov. The DHS security staff were informed of the incident on July 7. A week later, an unknown hacker used a high-level access account and tried to deploy virtual networking software to retrieve details. Mitigation began on July 16. 

In September, further mitigation actions were taken, including reframing FEMA Zscaler policies and restricting access to a few websites. According to Nextgov, an internal FEMA email was found that instructed all employees to change their passwords, but no other details about the incidents were mentioned in the email. 

About FEMA firings

The FEMA employee layoffs happened on August 29, after a routine inspection of the agency’s infrastructure, which revealed a flaw that “allowed the threat actor to breach FEMA’s network and threaten the entire department and the nation as a whole,” according to the Department of Homeland Security (DHS). 

The firing announcement came from DHS, which also hit FEMA’s top cybersecurity and technology officers. According to DHS, FEMA’s IT staff “resisted any efforts to fix the problem” and “lied” about the significance of flaws. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS said at the time.

Lack of effort: DHS

FEMA’s IT employees “resisted any efforts to fix the problem,” avoided scheduled inspections and “lied” to officials about the scope of the cyber vulnerabilities, DHS said when Noem first announced the staff terminations last month. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS also said.

About the Citrix bug

Citrix sells software that employees use for remote access of workplace apps. The flaw, named CitrixBleed 2.0, in the past has allowed threat actors to escape two-factor authentication measures. “Bleed” is a tactic that makes susceptible devices give out memory content, allowing threat actors to place pieces of data and assemble login credentials for infiltrating devices.

Read more »
Subscribe to: Posts (Atom)