Xfinity Rocked with Data Breach Impacting 36 Million Users
By Deeba Ahmed
The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability. This is a post from HackRead.com.
Comcast Cable Communications, LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users.
Comcast-owned brand Xfinity has initiated the process of notifying its customers about a significant data breach impacting tens of millions of users. The data breach is linked to the critical vulnerability in Citrix software.
The telecommunication giant, which offers a wide range of services including internet, TV, and phone, stated in the notice sent on Monday that hackers exploited a software vulnerability to access its customers’ personal information.
Xfinity discovered the suspicious activity on October 25, and by December 6 it determined that compromised data may include usernames, hashed passwords, last four digits of Social Security numbers, account security questions, birthdates, and contact information.
According to a breach notification filed with the Maine Attorney General, the breach affected around 35.9 million user accounts, representing a significant portion of its overall user base, which comprises 32 million broadband users.
Cloud computing firm Citrix discovered a vulnerability (CVE-2023-4966) dubbed Citrix Bleed in early October, which affected products used by companies like Xfinity.
It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability.
The report revealed that four uncategorized threat actor groups were involved in exploiting the vulnerability. The flaw affects NetScaler ADC and Gateway appliances and allows attackers to manipulate user sessions without authenticating. The same vulnerability was previously linked to hacks targeting the Industrial and Commercial Bank of China’s New York branch and a Boeing subsidiary.
Xfinity patched the vulnerability, but unauthorized access to its internal systems led to data compromise by mid-November. In its official statement, Xfinity’s spokesperson stated that there is no evidence of customers’ data being leaked or targeted attacks.
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”
Nevertheless, all Xfinity customers are urged to reset their passwords and are advised to use two-factor authentication for added security.
In a comment to Hackread.com, Immersive Labs’ Director of Cyber Threat Research Kev Breen urged companies to patch security vulnerabilities promptly, as threat actors are quick to exploit them.
“In 2022, the median time to exploitation was one day from exploitation, while the timing of public patches was on average 7 days. This year we’ve consistently seen recently disclosed vulnerabilities and zero days actively exploited in the wild by threat actors at scale.”
Breen also criticized the lack of transparency around cybersecurity and vulnerability disclosure, despite the US government’s strict and recent policies holding software companies liable for data breaches.
“Despite government intervention to try and strengthen transparency and guidance around cybersecurity practices, many standard implementations still haven’t kept pace. For example, FedRAMP guidelines say organizations have 30 days to remediate high-risk threats — yet attackers just need one day to discover a vulnerability and take advantage to wreak havoc on systems and cause costly damage to organizations.”
This, however, is not the first time Comcast has made headlines for data breaches. In November 2015, the company discovered that 200,000 user login credentials, including email addresses and passwords, were leaked and being sold on the dark web. The company attributed the incident to customers falling victim to malware and phishing attacks.
As for the latest data breach, Comcast, under new Securities and Exchange Commission rules, must disclose cybersecurity breaches affecting its bottom line within four days but has not yet filed such a report, according to The Associated Press.