Comcast’s residential cable unit, Xfinity, has been hit by a cybersecurity breach in which hackers exploiting a critical vulnerability dubbed Citrix Bleed accessed the confidential information of nearly 36 million customers.
The vulnerability is present in certain Citrix networking devices that are widely used across major companies. Citrix responded with patches in early October, but the delay in applying them at many companies left those companies vulnerable.
“Citrix Bleed is dangerous because it allows malicious users to access sensitive data, coupled with the fact that it affects commonly used Citrix devices in large organizations,” said Josh Amishav, the CEO of cybersecurity firm Breachsense. “This means the vulnerability can be exploited en masse, leading to significant data breaches.”
Hackers used Citrix Bleed to get into Xfinity systems for several days in mid-October, according to a notice put out by Comcast on Monday. The company did not notice what had happened until about a week later. In November, its investigation confirmed that the hackers probably obtained some customer information. Then, in December, it found that this included customer usernames and passwords. Those passwords were scrambled for protection, but there is still a chance they could be unscrambled.
The company also said that for some customers, the hackers may have obtained more personal details such as names, contact information, birth dates, parts of Social Security numbers, and the answers to secret security questions.
NetScaler vulnerabilities
Citrix previously instructed NetScaler ADC and NetScaler Gateway customers to install updated versions of these networking products to prevent exploitation of the vulnerabilities. The NetScaler ADC (Application Delivery Controller) and NetScaler Gateway, developed by Citrix, are tools designed to improve the performance, security, and availability of network applications and services. On October 10, Citrix disclosed vulnerabilities in these products, identified as CVE-2023-4966 and CVE-2023-4967, described as “unauthenticated buffer-related” issues.