The Fallout from "CitrixBleed"

On December 18, 2023, Comcast Xfinity filed a notice to the Attorney General of Maine disclosing an exploited vulnerability in one of Xfinity's software providers, Citrix, that has jeopardized almost 36 million customers' sensitive information.
While the vulnerability was made in August of 2023, the telecommunications solutions provider announced patches in October, but it already had mass exploitation weeks after the patch was reported.
Kiran Chinnagangannagari, CTO, CPO & co-founder, Securin, shares how a vulnerability like this causes so much damage.
Chinnagangannagari implores companies to look for ways to mitigate risk.


This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Thu, 21 Dec 2023 03:13:08 +0000


Cyber News related to The Fallout from "CitrixBleed"

Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability - Comcast's Xfinity is informing customers that their information has been compromised in a cyberattack that involved exploitation of the vulnerability known as CitrixBleed. CitrixBleed, officially tracked as CVE-2023-4966, is a critical vulnerability ...
1 year ago Securityweek.com
Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability - Comcast's Xfinity is informing customers that their information has been compromised in a cyberattack that involved exploitation of the vulnerability known as CitrixBleed. CitrixBleed, officially tracked as CVE-2023-4966, is a critical vulnerability ...
1 year ago Packetstormsecurity.com
Teens with "digital bazookas" are winning the ransomware war, researcher laments - What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a ...
1 year ago Arstechnica.com
Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected - The now-infamous CitrixBleed vulnerability has claimed possibly its biggest kill yet: 35 million customers of Comcast Xfinity. Since at least August, attackers have been exploiting CVE-2023-4966, a 7.5 high-severity vulnerability affecting Citrix ...
1 year ago Darkreading.com
BlackCat claims attack on Fidelity National Financial The Register - Fortune 500 insurance biz Fidelity National Financial has confirmed that it has fallen victim to a "Cybersecurity incident." The services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, ...
1 year ago Theregister.com
Xfinity Data Breach Impacts 36 Million Individuals - The data breach disclosed recently by Comcast's Xfinity impacts nearly 36 million individuals, the company told US authorities. The incident was disclosed by the telecommunications and smart home solutions provider on December 18, when it admitted ...
1 year ago Securityweek.com
CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. - Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp - used by double digit number of other credit unions across the United States. A ransomware group gained entry to Trellance via Ongoing ...
1 year ago Doublepulsar.com
CVE-2018-8933 - The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. ...
5 years ago
The Fallout from "CitrixBleed" - On December 18, 2023, Comcast Xfinity filed a notice to the Attorney General of Maine disclosing an exploited vulnerability in one of Xfinity's software providers, Citrix, that has jeopardized almost 36 million customers' sensitive information. While ...
1 year ago Cybersecurity-insiders.com
SW Ontario hospitals confirm patient data compromised in cyberattack - As the fallout from last week's cyberattack against five southwestern Ontario hospitals continues to spread, the organizations confirmed Tuesday that patient information was stolen and they now fear the blackmailers might publish it online. TransForm ...
1 year ago Windsorstar.com
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case - BLACK HAT EUROPE 2023 - London - Former Uber CISO Joe Sullivan last week shared new details about the 2016 data breach at the company that led to his firing from Uber and, later, felony charges. The Uber Breach Sullivan was in his second year as CISO ...
1 year ago Darkreading.com
Leak of Greek Diaspora Emails Shakes Government: A Closer Look - The recent leak of Greek diaspora emails has sent shockwaves through the conservative government of Prime Minister Kyriakos Mitsotakis. The scandal, which unfolded in March 2024, has raised questions about privacy, data protection, and political ...
9 months ago Cysecurity.news
citrixbleed - ...
1 year ago
Comcast's Xfinity customer data exposed after CitrixBleed attack - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
1 year ago Securityaffairs.com
Industrial and Commercial Bank of China dealing with LockBit ransomware attack - One of the world's largest banks is dealing with a ransomware attack, according to media reports on Thursday. The Financial Times first reported that the state-owned Industrial and Commercial Bank of China - China's biggest, with revenues of $214.7 ...
1 year ago Therecord.media
Toyota Germany Says Customer Data Stolen in Ransomware Attack - Toyota Germany is notifying customers that their personal information was compromised in a ransomware attack last month. Initially disclosed in mid-November, the incident impacted the systems of Toyota Financial Services Europe & Africa, a subsidiary ...
1 year ago Securityweek.com
Toyota Germany Says Customer Data Stolen in Ransomware Attack - Toyota Germany is notifying customers that their personal information was compromised in a ransomware attack last month. Initially disclosed in mid-November, the incident impacted the systems of Toyota Financial Services Europe & Africa, a subsidiary ...
1 year ago Packetstormsecurity.com
Remote-access tools the intrusion point to blame for most ransomware attacks - Dive Brief: Remote-access tools were the primary intrusion point for ransomware attacks, accounting for 3 in 5 attacks last year, cybersecurity insurance firm At-Bay said Wednesday in a report. Attackers primarily targeted perimeter-access tools in ...
7 months ago Cybersecuritydive.com
Christie disclosed a data breach after RansomHub attack - MUST READ. Christie disclosed a data breach after a RansomHub attack. OmniVision disclosed a data breach after the 2023 Cactus ransomware attack. City of Wichita disclosed a data breach after the recent ransomware attack. Australian Firstmac Limited ...
6 months ago Securityaffairs.com
Intel out-of-band patch addresses privilege escalation flaw The Register - Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips. The flaw, designated INTEL-SA-00950 and given a CVSS 3.0 score of 8.8 out of 10, affects Intel ...
1 year ago Theregister.com
Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying - In 1763, the radical journalist and colonial sympathizer John Wilkes published issue no. 45 of North Briton, a periodical of anonymous essays known for its virulent anti-Scottish drivel-and for viciously satirizing a British prime minister until he ...
1 year ago Wired.com
New Calculator Aims to Measure Companies' Cyberattack Damages - A key risk-management body on Tuesday plans to launch a model to estimate damages from a cyberattack-a calculation that companies struggle to make as hacks play out over days and weeks. The FAIR Institute, a nonprofit that helps businesses measure ...
1 year ago Wsj.com
Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
1 year ago Darkreading.com
Staples Confirms 'Cybersecurity Risk' Disrupting Online Stores - Office supply retail superstore Staples on Friday confirmed some of its IT systems had to be taken offline after a "Cybersecurity risk" was identified and partially contained. The incident, which experts believe is a data-extortion ransomware attack, ...
1 year ago Securityweek.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)