Jonas Hansen’s Post


Cyber Security Specialist @ Concordium

Danske Bank Red Team discovers yet more Citrix 0-day vulnerabilities. In Danske, we are continuously hunting for vulnerabilities in our own growing portfolio of online applications, as well as in the vendor stack that powers our services. For the Red Team, everything is in scope. Last spring, we presented CVE-2018-18571, which provided authentication bypass to Citrix XenMobile (get access to an organization's network and all enrolled phones). This spring, we present CVE-2020-8982 & CVE-2020-8983, which provide unauthenticated arbitrary file read and unauthenticated arbitrary file write (remote code execution) on Citrix ShareFile Storage Zone Controllers. The impact is quite critical, as both RCE and file access are granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). Danske Bank Red Team roster: Saulius Pranckevičius, Petras Skėrus, Mads Bograd, Alexander Staalgaard and Jonas Hansen. #danskebank #hacking #zeroday #cybersecurity #infosecurity #cloudsecurity

Citrix ShareFile storage zones Controller multiple security updates

Patric P.

Cyber Security and Security Intelligence (OSINT) Expert & vCISO, Executive Advisor, Mentor

3y

Jonas and his team continue to be Rockstars. Awesome work.

Lars Sjøqvist Krogh Paulsen

Senior Developer | Internal Products

3y

Good to hear as a customer 👏

Jan Kaastrup

3y

Respect!

Klaus Agnoletti

I'm a storytelling cyber security and marketing specialist. I get ideas, I know people and the community. I'm good at utilizing those commercially without compromising my integrity.

3y

Would you mind doing a talk at OWASP Copenhagen about it? :-) Alessandro Bruni

Henrik T.

Cybersecurity Executive | Strategic thinker | Keynote Speaker | Mentor

3y

Respect, and great to see you remain being a strong and relevant team. Please keep pushing an important agenda, which I am sure goes way beyond your own business.

Peter Lidell

Cybersecurity Expert | Advisor | Leader | Innovator | Technology Strategist | Teambuilder | Speaker | Career coach

3y

Respect!

Jakob H. Heidelberg

Composer @ ImproSound

3y

Impressive!

Simon S.

3y

Great work
