Citrix vulnerability used for potential Defence recruitment database access
The Australian Signals Directorate (ASD) has revealed that a vulnerability in Citrix, announced over Christmas, could have been used by malicious actors to access a database of Australian Defence recruitment details.
"On the 24th of January ... through sensitive other sources, had a concern that the Department of Defence and its contractor running the DFRN [Defence Force Recruiting Network] may have been vulnerable to a malicious act as a result of the Citrix issue," newly installed director-general of the Australian Signals Directorate Rachel Noble told Senate Estimates on Wednesday night.
Noble added that ASD believed no data was compromised, but it did see attempts to access the network related to the vulnerability. "Given the global nature of the vulnerability which affected companies worldwide, I don't think they would have been the only one," Noble said.