Cyber Security Today, Dec. 20, 2023 – Data on over 35 million Comcast customers stolen because patching wasn’t fast enough


Welcome to Cyber Security Today. It’s Wednesday, December 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

American telecommunications provider Comcast Cable wasn’t fast enough to patch a Citrix vulnerability. And that led to the theft of personal data of over 35 million customers of its Xfinity service. In a statement this week the company said Citrix released a patch for the hole on October 10th. Sometime after that Comcast patched and mitigated its systems. But then it discovered that between October 16th and the 19th — before systems were mitigated — a hacker got into Comcast’s IT system through the vulnerability. The hole is in Citrix’s NetScaler Application Delivery Controller and Gateway. This vulnerability has been nicknamed CitrixBleed. Researchers at Mandiant told Cybersecurity Dive that the patch plugs the hole, but IT departments also have to make users re-authorize sessions to prevent a threat actor who previously exploited the hole from maintaining access. Information copied could have included names, contact information, last four digits of Social Security numbers, dates of birth and/or secret password questions and answers, usernames and hashed passwords.

More big numbers from a data breach. American mortgage company Mr. Cooper now says an October data breach involved the theft of data of nearly 14.7 million current and former customers.

And over 15,000 American residents are being notified their data was stolen from a medical device manufacturer called Zoll Medical Corp. The company says an employee fell for a phishing message. The information stolen, including names, addresses and Social Security numbers, was included in company email messages.

VF Corp., the parent company of apparel brands Vans, Supreme and The North Face, says a cyber attack detected last week encrypted some IT systems. In a regulatory filing it didn’t call the attack ransomware. Personal information was stolen. The attack has disrupted the company’s business during the holiday season, the filing says. Shoppers can place orders on most of the brands’ e-commerce sites. But the ability to fulfill orders has been slowed.

The Rhysida ransomware gang has posted a huge amount of data stolen from Insomniac Games. According to the Australian news site Cyber Daily, this came after a deadline for paying a ransom passed. Many of the published files seem to come from the upcoming Wolverine video game, as well as the company’s Spider-Man 2 game. However, part of the stolen data also appears to have been sold to someone.

Shutting the IT infrastructure of a malware operation doesn’t mean distribution goes away. The gang behind the malware often finds a way back. The latest example is the resurfacing of the Qakbot malware. The FBI took down the botnet of 700,000 compromised devices distributing the malware in August. However, Microsoft tweeted this week that someone is sending phishing messages with an infected Qakbot PDF. In one case the sender pretended to be an employee of the U.S. Internal Revenue Service.

The SSH protocol used around the world to protect IT network logins and file transfers is vulnerable to attack. That’s according to German university researchers. In a paper published this week the trio describes an attack called Terrapin that breaks the integrity of SSH’s secure channel. However, to be successful the attacker has to first conduct a successful man-in-the-middle attack at the network layer to modify a connection’s traffic. And the connection must use one of two particular encryption methods. And the attacker has to be on a local network. This kind of attack is difficult on the internet. Still, since being quietly alerted to the problem, many vendors have updated their SSH implementations. IT managers should note that both clients and servers have to be patched.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 20, 2023 – Data on over 35 million Comcast customers stolen because patching wasn’t fast enough first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
