Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

What are they looking for? Scans for OpenID Connect Configuration (Update: CitrixBleed), (Tue, Dec 19th)

published on 2023-12-19 16:28:10 UTC by
Content:

Update: Thanks to our reader Dustin Decker for pointing out that these scans are likely looking for Citrix devices. The recent "CitrixBleed" vulnerability is exploited using the OpenID connect URL (%%cve-2023-4966%%, %%cve-2023-4967%%). An attack would also include an oversized Host header in a request to the OpenID URL. The scans I have observed do not appear to include this oversized Host header. Looks like they are just looking for possible targets to exploit later.

Article: What are they looking for? Scans for OpenID Connect Configuration (Update: CitrixBleed), (Tue, Dec 19th) - published 11 months ago.

https://isc.sans.edu/diary/rss/30498
Published: 2023 12 19 16:28:10
Received: 2023 12 19 17:35:31
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 0