登录查看更多内容

Password spraying attacks directed at various organizations worldwide

Samana Group LLC

Samana Group provides virtual workspaces, and services for virtual environments.

发布日期: 2024年12月13日

Cloud Software Group is aware of a recent series of password spraying attacks directed at various organizations around the globe. Some of these attacks have targeted NetScaler appliances.

Cloud Software Group has collaborated with affected customers to analyze the issues and recommends the following mitigations:

Ensure that multi-factor authentication is enabled for Gateway and the MFA verification factor is configured before the LDAP factor, details for which can be found here.
Create a responder policy to allow requests only for desired FQDN, as attacks are frequently targeting IP addresses rather than Gateway FQDNs. Create the following responder policy:

add responder policy IP_Block “HTTP.REQ.HOSTNAME.EQ(\”<enter gateway FQDN here>\”).NOT” DROP
bind vpn vserver Gateway_vServer -policy IP_Block -priority 100

Create a responder policy to block the following end points if not utilizing historic pre-nFactor basic/classic authentication:

/cgi/login
/p/u/doAuthentication.do
/p/u/getAuthenticationRequirements.do

We recommend that you review the CSG Post and follow the recommendations.

要查看或添加评论，请登录

Samana Group LLC的更多文章

See all articles

Password spraying attacks directed at various organizations worldwide

Samana Group LLC

Samana Group provides virtual workspaces, and services for virtual environments.

Samana Group LLC的更多文章

社区洞察

其他会员也浏览了

Google's Enterprise Grade NGFW

Nudge Newsletter: February 2023

SD-WAN Security

Guidelines vs. Certifications: Understanding CIS, SOC, ISO, and PCI DSS in AWS Environments

The threat of Azure service tags

VMware Releases a Patch for the Cloud Foundation Platform's Severe RCE Flaw

Don't Overlook This Simple, Effective Security Boost

Don’t sleep on this simple, effective security booster

Cloud Has My Data and I Don't Know What is Going On

Microsoft Azure: Don’t sleep on this simple, effective security booster

Samana Group LLC的更多文章

Citrix has published security bulletins for Citrix Secure Access Client for Mac, NetScaler Console and NetScaler Agent

Broadcom has published a security bulletin for VMware Aria Operations for logs, VMware Aria Operations, and VMware Cloud

Citrix has published security bulletins for NetScaler and Citrix Session Recording

Citrix Preferred Services Partner was issued by Citrix to Samana Group

Broadcom has published multiple security bulletins for VMware vCenter Server

[Cybersecurity Alert] - Citrix has updated a security bulletin for CVE-2024-6235 and CVE-2024-6236

Citrix has published security bulletins for multiple products

Citrix has published a security bulletin for CVE-2024-5491 and CVE-2024-5492

Citrix has published a security bulletin for CVE-2024-3661

Broadcom has published multiple security bulletins for VMware ESXi and vCenter Server

社区洞察

其他会员也浏览了

Google's Enterprise Grade NGFW

Nudge Newsletter: February 2023

SD-WAN Security

Guidelines vs. Certifications: Understanding CIS, SOC, ISO, and PCI DSS in AWS Environments

The threat of Azure service tags

VMware Releases a Patch for the Cloud Foundation Platform's Severe RCE Flaw

Don't Overlook This Simple, Effective Security Boost

Don’t sleep on this simple, effective security booster

Cloud Has My Data and I Don't Know What is Going On

Microsoft Azure: Don’t sleep on this simple, effective security booster