On December 18, 2023, Comcast Xfinity filed a notice with the Attorney General of Maine disclosing that an exploited vulnerability in the software of one of Xfinity’s providers, Citrix, had jeopardized the sensitive information of almost 36 million customers. The vulnerability dates to August 2023; Citrix announced patches in October, yet mass exploitation was already under way within weeks of the patch being published.

Kiran Chinnagangannagari, CTO, CPO & co-founder, Securin, shares how a vulnerability like this causes so much damage. 

“CVE-2023-4966, more commonly known as ‘CitrixBleed,’ is a vulnerability within the Citrix NetScaler ADC and Gateway software that could allow a cyber bad actor to take control of an affected system,” Chinnagangannagari elaborated.

He went on to say that “At the time of the patch release, Citrix had no evidence of the vulnerability being exploited in the wild. However, Securin observed exploitation just a week later, including ransomware groups LockBit and Medusa leveraging this vulnerability. Securin also observed mentions of this vulnerability in deep, dark web and hacker forums.”

“Vulnerabilities within commonly used software are extremely dangerous because they can be replicated across other companies that might not have patched it either, which we have seen in the case of CitrixBleed, as it is being linked to many incidents in 2023, including Boeing, ICBC, DP World, Allen & Overy, and thousands of other organizations. These big-name victims emphasize ransomware gangs’ ongoing commitment to crippling and disrupting operations that could affect the security of everyday people and even U.S. critical infrastructures.” 

“While large-scale companies have been facing ever-evolving and continuous threats to their cybersecurity, it’s important to remember that these vulnerabilities are all too common and risk exploiting data like names, contact information, the last four digits of social security numbers, dates of birth, and answers to secret questions on the site. This particular vulnerability leaks the content of system memory to the attacker, allowing the attacker to impersonate a different authenticated user. This exploit poses a grave threat to system security and user integrity, emphasizing the critical need for immediate attention and remediation. CWE-119 is the weakness associated with this vulnerability and Securin is tracking 14,231 additional vulnerabilities associated with this weakness with quite a few of them being exploited by ransomware and APT groups.”

Chinnagangannagari implores companies to look for ways to mitigate risk. 

“Companies must look at leveraging a framework like Continuous Threat Exposure Management (CTEM) to prioritize and mitigate risks. In addition to multi-factor authentication (MFA), cybersecurity teams must implement and update basic security practices with routine scans of their attack surface, consolidating third-party applications, updating access controls, systems, and routine updates to complex passwords.” 

The post To Xfinity’s Breach and Beyond – The Fallout from “CitrixBleed” appeared first on Cybersecurity Insiders.

The festive season of Christmas 2023 has unfortunately become a prime time for cyber-criminals to unleash a wave of cyber attacks, with incidents occurring globally every two hours.

In a recent development, Iran’s petrol stations found themselves under siege from a sophisticated cyber attack orchestrated by a group of hackers known as Gonjeshke Darande, Farsi for “Predatory Sparrow.” Reports from Iran’s state media indicate that nearly 70% of fuel stations, along with a couple of steel factories, a rail network, and a technology company, fell victim to these digital assailants, who oppose the activities of the Islamic Republic. Javad Owji, the Minister of Oil, has warned that the intensity of these attacks may escalate as the year 2023 draws to a close.

Adding to the cybersecurity concerns, VF Corp, a major American retail giant specializing in apparel and footwear, has fallen prey to a cyber breach. With subsidiaries like The North Face and Vans gearing up for the annual Christmas rush, a digital assault at this critical juncture could have detrimental effects on the company’s current and future business plans. While VF Corp has not explicitly labeled the incident as a ransomware attack, it admitted in its latest filing to the SEC that a significant portion of data on its servers was encrypted, and the attackers were demanding a substantial ransom.

In a separate incident, Washington County issued a press statement revealing that state-funded hackers attempted to breach its systems last Sunday. Fortunately, the county’s IT staff successfully thwarted all 64,000 attempts by the criminals to steal email IDs and sensitive data, ensuring the security of the county’s digital information.

Xfinity, formerly known as Comcast Cable Communications LLC, has raised alarm bells by disclosing a potential compromise of some of its systems between October 16th and 19th of this year. The hackers may have gained unauthorized access to critical details such as usernames, passwords, and contact information. According to the company’s press release, the breach occurred through a security vulnerability in Citrix systems, potentially giving the hackers access to usernames and encrypted passwords, which could be decrypted using open-source software. Customers are strongly advised to change their passwords, and law enforcement authorities are actively investigating the extent of the impact.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.