This week, we have mitigated the vulnerabilities of our Citrix environment. We have seen some hacking attempts, but haven’t found any evidence of abuse or further break out to the rest of our infrastructure. To be sure, we will have this further investigated by external security experts.
We have taken every step recommended by Citrix. Because of the use of network isolation and firewall the risk to our infrastructure is low anyway. The vulnerability is was located in the Citrix gateways, our Netscalers, which are used to secure our Citrix server (on which the application and users are working) from the internet
What does this mean for you or your clients?
Nothing. We haven’t seen any proof of a data breach or data exfiltration. To be sure, we will have this further investigated. You don’t need to do a thing.