Port operator DP World failed to fix 'critical' CitrixBleed vulnerability in IT systems

Port operator DP World Australia had failed to fix a critical IT vulnerability when hit by a recent cyber attack, according to multiple cybersecurity analysts. Key points: DP World's IT systems were vulnerable to an exploit called CitrixBleed A patch had been available for over a month when the attack occurred The company confirmed that attackers took data from their systems CitrixBleed, an exploit classified as "critical" by the Australian Cyber Security Centre, has been allowing cybercriminals to break into vulnerable IT systems across the globe since its discovery in July. Devices registered on DP World's network had not been updated to remove the CitrixBleed vulnerability when the attack occurred on November 10, leaving four major Australian ports closed for days and 30,000 containers stacked up. Australia's Security of Critical Infrastructure Act requires the operators of critical assets, including four ports operated by DP World Australia, to report cyber incidents and implement risk assessments.