
Ransomware Gangs Using Multiple New Methods to Break Into Businesses
The Anubis ransomware group is exploiting a new Citrix security flaw to break into companies. They use legitimate remote access tools to avoid detection.
Source
The Hacker News
Original headline: Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Plain-English summary by GetCyberRight. Read the full report at the source above.
Ransomware criminals linked to the Anubis operation are using a newly discovered security flaw in Citrix software to break into businesses. Citrix makes software that allows people to access their work computers remotely from home or other locations. Once inside, the attackers use legitimate remote management tools that IT departments normally use. This helps them blend in and avoid detection. They steal login credentials and move through company networks looking for valuable data to lock up or steal. This primarily affects people who work for companies that use Citrix software for remote access. If you log in to work systems from home using Citrix, your employer's network could be vulnerable. The attack targets businesses, not home users directly. However, your personal information stored at work could be compromised if your employer is attacked. This includes your employee records, contact details, banking information for payroll, and any other data your employer keeps about you.
Take these steps right away if you use Citrix or any remote access tool for work. First, contact your IT department to confirm they are aware of this vulnerability and have applied security updates. Second, change your work login passwords now. Use strong passwords that are different from passwords you use anywhere else. Third, enable two-factor authentication on all work accounts that support it. This requires both your password and a second form of verification. Fourth, be extremely careful about emails asking you to log in to work systems. Verify requests directly with your IT department before clicking any links. Protect yourself long term by using unique passwords for every account. Install a password manager to help create and store these passwords securely. Always turn on two-factor authentication wherever possible. Watch for suspicious activity on your work accounts and report it immediately to your IT team. Keep your personal and work digital lives separate. Use different email addresses and passwords for personal versus professional accounts. This limits the damage if one account is compromised.
Curated from trusted cybersecurity sources by GetCyberRight
Source: The Hacker NewsStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Free Game Teaches Kids About Online Safety Through Play on Roblox
Europol created Cyber Defenders, a free game on Roblox that teaches children how to spot fraud, identity theft, and grooming through interactive missions rather than lectures.
2 min read
New Free Game Teaches Kids About Online Safety Through Play
Europol created a free Roblox game that helps children learn to spot scams, identity theft, and online predators through interactive missions.
2 min read
Claude AI Subscription Change: What It Means for Your Family
If you use Claude AI through a subscription, one version will be temporarily unavailable starting July 7. The company says it will return soon.
2 min read
Popular AI Chat Service Making Temporary Changes to Subscription Plans
If your family uses Claude AI for homework help or work tasks, one version will be temporarily unavailable starting in July but will return soon.
2 min read