Azure service tags vulnerability highlighted by Tenable | TechTarget

Tenable discovered a high-severity vulnerability in Microsoft’s Azure Network service tags that could allow attackers to bypass firewall rules. Microsoft, however, rejected the classification of the issue as a vulnerability and instead provided customers with enhanced guidance on mitigating the risk. While Microsoft acknowledged Tenable’s contribution to the Azure community, the company stated that service …

Millions of Xfinity customer data compromised by hackers exploiting Citrix Bleed vulnerability

Comcast’s Xfinity cable unit faced a cybersecurity breach due to the Citrix Bleed vulnerability, affecting approximately 36 million customers. Hackers accessed customer information by exploiting the vulnerability, resulting in a data breach. The breach impacted Xfinity systems for a few days in mid-October, with hackers gaining access to customer usernames, passwords, and personal details like …

Comcast Links Data Breach Impacting 36 Million Customers to Citrix Vulnerability

Comcast Cable Communications, the largest media and telecommunications conglomerate in the United States, disclosed a major data breach involving personal data belonging to 35,879,455 customers of its Xfinity services, including TV, Internet, and home phone. The breach was caused by attackers exploiting a vulnerability in Citrix hardware known as Citrix Bleed. The attackers stole usernames, …

Researchers claim LockBit ransom gang responsible for widespread exploitation of Citrix vulnerability, according to CyberNews.com

Researchers have recently uncovered that the LockBit ransomware gang is behind the exploitation of a massive Citrix bug. This revelation comes as a result of an investigation conducted by CyberNews.com. The researchers identified a connection between the ransomware gang and the exploitation of the vulnerability in Citrix, a software company that provides server, networking, and …

Exploited Citrix Vulnerability Used to Access Data from Over 35 Million Comcast Xfinity Customers – Help Net Security

Comcast, a telecommunications company, recently confirmed a breach that compromised the personal information of over 35.8 million Xfinity customers. The breach was a result of CVE-2023-4966, also known as Citrix Bleed, an information disclosure vulnerability in Citrix NetScaler ADC/Gateway devices. This vulnerability was exploited by attackers since the end of August 2023 and became widespread …

Encountering Citrix Bleed: The Security Vulnerability Troubling Cyber Defenders in 2024 – Axios

Introducing Citrix Bleed: a new security flaw that is set to challenge cyber defenders in 2024. This vulnerability has the potential to infiltrate systems and compromise sensitive information. Cybersecurity experts are already bracing for the impact of this threat, as it has the potential to cause significant damage to organizations and individuals. Stay informed and …

CISA Urges Federal Agencies to Patch Citrix RCE Vulnerability Within Seven Days

The Cybersecurity and Infrastructure Security Agency (CISA) has directed US federal agencies to defend their systems against three zero-day vulnerabilities in Citrix NetScaler and Google Chrome. These vulnerabilities have been patched but are actively being exploited in attacks, making them high-risk for federal enterprises. Citrix has advised its customers to immediately patch their Internet-exposed NetScaler …

Chrome, Ivanti, and Citrix: Weekly Vulnerability Review for 1/22/24

This week’s cybersecurity news brings attention to several vulnerabilities, including issues with GitHub credentials, a new Chrome fix, and hidden malware in pirated apps. Both Citrix and Ivanti are facing challenges with vulnerabilities in their products. The content also highlights the detection of nine vulnerabilities in an open source UEFI implementation and the discovery of …

Microsoft Rewards Tenable Bug Bounty for Azure Vulnerability, Deems Fix Unnecessary but Documentation Improvement Required.

A security flaw in Microsoft’s Azure cloud discovered by Tenable Vulnerability Assessment Team researchers allows bad actors to bypass firewall rules and access private web resources of other Azure customers. The issue stems from service tags in Azure that group IP addresses used by Azure services. Tenable warns that a rogue Azure customer could exploit …

Government authorities and companies exposed due to vulnerability in Cisco Webex cloud service – Help Net Security

A vulnerability in Cisco Webex Meetings Cloud allowed a German journalist to discover links to video conference meetings conducted by the Bundeswehr and the Social Democratic Party of Germany. The bug also affected other organizations using the Webex cloud service, allowing access to information about past and future meetings with various government offices and companies …