"Attacks on NetScaler Gateways Aim for User Credentials"

Threat actors continue to exploit a critical vulnerability in unpatched NetScaler Gateways, inserting malicious scripts into the HTML content of the authentication web page in order to steal user credentials. The vulnerability, tracked as CVE-2023-3519, was reported in July, when the Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its catalog of Known Exploited Vulnerabilities (KEV). CISA noted in its July advisory that threat actors exploited the vulnerability in June to drop a webshell on a NetScaler ADC appliance in a critical infrastructure organization's non-production environment. The webshell allowed the threat actors to perform discovery on the victim's Active Directory (AD) and exfiltrate AD data. According to CISA, the actors attempted to move laterally to a domain controller, but the appliance's network segmentation controls prevented the movement. This article discusses the continued exploitation of the critical vulnerability in NetScaler Gateways.

SC Media reports "Attacks on NetScaler Gateways Aim for User Credentials"

Submitted by grigby1 
