The query window for username and password on a Web page can be seen on the monitor of a laptop.

Enlarge / The query window for username and password on a Web page can be seen on the monitor of a laptop. (credit: Jens Büttner/Getty Images)

Virtualization and software provider Citrix said its internal network was breached by international criminals who most likely exploited weak passwords to gain limited access before working to gain more privileged control.

The notice published Friday morning sent shockwaves through security circles because Citrix’s products and services are used by more than 400,000 organizations around the world, including 98 percent of the Fortune 500. Citrix is also widely used by governments and militaries. An intrusion by overseas hackers carries the risk of exposing technical information that could compromise the networks of customers.

Citrix said it still doesn’t know what specific data was stolen, but an initial investigation appears to show the attackers may have obtained business documents. For now, company officials said, there’s no indication that the security of any Citrix product or service was compromised. The company has commenced a forensic investigation and engaged a security firm to assist. Citrix has also taken unspecified actions to better secure it internal network.

Read 4 remaining paragraphs | Comments

------------------------------------------------------------------------------------ - Source: Read on Source Website...

Source Site: Biz & IT – Ars Technica

Link: https://arstechnica.com

Original-URL: https://arstechnica.com/?p=1471045