Comcast’s residential cable unit, Xfinity, has been hit by a cybersecurity breach in which hackers exploiting a critical vulnerability dubbed Citrix Bleed accessed the confidential data of almost 36 million customers.
The vulnerability is present in certain Citrix networking devices that are widely used across major companies. Citrix responded with patches in early October, but the delay in implementation by many companies left them vulnerable.
“Citrix Bleed is harmful because it allows malicious users to access sensitive data, coupled with the fact that it affects commonly used Citrix devices in large organizations,” said Josh Amishav, the CEO of cybersecurity firm Breachsense. “Because of this, the vulnerability might be exploited en masse, resulting in significant data breaches.”
Hackers used Citrix Bleed to get into Xfinity systems for a few days in mid-October, according to a notice put out by Comcast Monday. The company didn’t realize what happened until about a week later. In November, its investigation showed that hackers probably got some customer information. Then, in December, they discovered this included customer usernames and passwords. These passwords were scrambled for protection, but there’s still a chance they could be unscrambled.
The company also said that for some customers, the hackers might have gotten more personal details like names, contact information, birth dates, parts of Social Security numbers, and the answers to secret security questions.
NetScaler vulnerabilities
Citrix previously advised NetScaler ADC and NetScaler Gateway customers to install updated versions of the networking products to prevent exploitation of the vulnerabilities. The NetScaler ADC (Application Delivery Controller) and NetScaler Gateway, developed by Citrix, are tools designed to improve the performance, security, and availability of network applications and services. On October 10, Citrix disclosed vulnerabilities in these products, identified as CVE-2023-4966 and CVE-2023-4967, described as “unauthenticated buffer-related” issues.