Tag

Citrixbleed

All articles tagged with #citrixbleed

Massive Data Breach: Xfinity Hack Exposes Millions of Customer Records

Originally Published 2 years ago — by TechCrunch

Hackers exploited a critical security vulnerability known as "CitrixBleed" to gain access to the sensitive information of nearly 36 million Xfinity customers. The vulnerability, found in Citrix networking devices, has been under mass-exploitation since August. Xfinity confirmed that hackers had access to its internal systems between October 16 and 19, but the malicious activity was not detected until October 25. Customer data, including usernames, hashed passwords, names, contact information, dates of birth, and partial Social Security numbers, may have been accessed. Comcast has not disclosed the exact number of affected customers but confirmed that almost 35.8 million customers are impacted. The company is requiring customers to reset their passwords and recommends the use of two-factor authentication.

business cybersecurity citrixbleed comcast customer-information cybersecurity data-breach xfinity

Citrix Bleed Vulnerability Exploited by LockBit Ransomware Affiliates

Originally Published 2 years ago — by CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint advisory with the FBI, MS-ISAC, and ASD's ACSC, warning about the LockBit 3.0 ransomware exploiting the Citrix Bleed vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. LockBit 3.0 affiliates have been observed using this vulnerability to bypass password requirements and multifactor authentication, allowing them to hijack legitimate user sessions and gain elevated permissions to harvest credentials and access data. Network administrators are urged to apply necessary software updates and implement mitigations to protect against this ransomware threat.

business cybersecurity citrixbleed cve-2023-4966 cybersecurity lockbit30 ransomware stopransomware