Cyber Security Today, Dec. 20, 2023 – Data on over 35 million Comcast customers stolen because patching wasn’t fast enough

Welcome to Cyber Security Today. It’s Wednesday, December 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

American telecommunications provider Comcast Cable wasn’t fast enough to patch a Citrix vulnerability. And that led to the theft of personal data of over 35 million customers of its Xfinity service. In a statement this week the company said Citrix released a patch for the hole on October 10th. Sometime after that Comcast patched and migrated its systems. But then it discovered that between October 16th and the 19th — before systems were mitigated — a hacker got into Comcast’s IT system through the vulnerability. The hole is in Citrix’s NetScaler Application Delivery Controller and Gateway. This vulnerability has been nicknamed CitrixBleed. Researchers at Mandiant told Cybersecurity Dive that the patch plugs the hole, but IT departments also have to make users re-authenticate their sessions to prevent a threat actor who previously exploited the hole from maintaining access. Information copied could have included names, contact information, last four digits of Social Security numbers, dates of birth and/or secret password questions and answers, usernames and hashed passwords.

More big numbers from a data breach. American mortgage company Mr. Cooper now says an October data breach involved the theft of data of nearly 14.7 million current and former customers.

And over 15,000 American residents are being notified their data was stolen from a medical device manufacturer called Zoll Medical Corp. The company says an employee fell for a phishing message. The information stolen, including names, addresses and Social Security numbers, was included in company email messages.

VF Corp., the parent company of apparel brands Vans, Supreme and The North Face, says a cyber attack detected last week encrypted some IT systems. In a regulatory filing it didn’t call the attack ransomware. Personal information was stolen. The attack has disrupted the company’s business during the holiday season, the filing says. Shoppers can place orders on most of the brands’ e-commerce sites. But the ability to fulfill orders has been slowed.

The Rhysida ransomware gang has posted a huge amount of data stolen from Insomniac Games. According to the Australian news site Cyber Daily, this came after a deadline for paying a ransom passed. Many of the published files seem to come from the upcoming Wolverine video game, as well as the company’s Spider-Man 2 game. However, part of the stolen data also appears to have been sold to someone.

Shutting down the IT infrastructure of a malware operation doesn’t mean distribution goes away. The gang behind the malware often finds a way back. The latest example is the resurfacing of the Qakbot malware. The FBI took down the botnet of 700,000 compromised devices distributing the malware in August. However, Microsoft tweeted this week that someone is sending phishing messages with a Qakbot-infected PDF. In one case the sender pretended to be an employee of the U.S. Internal Revenue Service.

The SSH protocol used around the world to protect IT network logins and file transfers is vulnerable to attack. That’s according to German university researchers. In a paper published this week the trio describes an attack called Terrapin that breaks the integrity of SSH’s secure channel. However, to be successful the attacker first has to carry out a man-in-the-middle attack at the network layer to modify a connection’s traffic. And the connection must use one of two particular encryption methods. And the attacker has to be on a local network. This kind of attack is difficult on the internet. Still, since being quietly alerted to the problem, many vendors have updated their SSH implementations. IT managers should note that both clients and servers have to be patched.
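As an added illustration of why both ends of a connection have to be patched (this is example code written for this page, not code from the podcast or from the researchers' paper), the following Python takes the algorithm lists an SSH client and server would advertise during key exchange, works out what they would negotiate, and reports whether that negotiation falls inside Terrapin's scope. It assumes the publicly disclosed details: the affected modes are the chacha20-poly1305@openssh.com cipher and any CBC cipher combined with an encrypt-then-MAC (-etm@openssh.com) MAC, and the countermeasure, "strict key exchange", is only active when the client advertises kex-strict-c-v00@openssh.com and the server advertises kex-strict-s-v00@openssh.com. The preference lists are constructed sample data, not captures from any real host.

```python
# Added example (not from the podcast or the Terrapin researchers): given the
# algorithm name-lists a client and server advertise, determine what they would
# negotiate and whether that is exposed to Terrapin, and whether the strict
# key exchange countermeasure is active. Algorithm names are the real OpenSSH
# identifiers; the preference lists are constructed sample data.

from dataclasses import dataclass
from typing import Optional

# Pseudo-algorithms a patched implementation appends to its KEX list to signal
# strict key exchange support. The countermeasure applies only when the client
# sends the "-c-" variant AND the server sends the "-s-" variant.
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"

CHACHA = "chacha20-poly1305@openssh.com"


def parse_name_list(text: str) -> list[str]:
    """Split an SSH name-list (comma-separated, as sent on the wire) into names."""
    return [name.strip() for name in text.split(",") if name.strip()]


def negotiate(client: list[str], server: list[str]) -> Optional[str]:
    """SSH chooses the first of the client's preferences that the server also offers."""
    supported = set(server)
    for name in client:
        if name in supported:
            return name
    return None


def is_terrapin_exposed(cipher: Optional[str], mac: Optional[str]) -> bool:
    """True for the cipher/MAC combinations the attack can manipulate."""
    if cipher is None:
        return False
    if cipher == CHACHA:
        return True  # AEAD cipher: the negotiated MAC is not used
    return cipher.endswith("-cbc") and mac is not None and mac.endswith("-etm@openssh.com")


@dataclass
class Assessment:
    cipher: Optional[str]
    mac: Optional[str]
    exposed_mode: bool
    strict_kex: bool

    @property
    def verdict(self) -> str:
        if not self.exposed_mode:
            return "not affected: negotiated mode is outside Terrapin's scope"
        if self.strict_kex:
            return "mitigated: affected mode, but strict kex is active on both sides"
        return "VULNERABLE: affected mode negotiated and strict kex not active"


def assess(client: dict[str, str], server: dict[str, str]) -> Assessment:
    """client and server are dicts with 'kex', 'cipher' and 'mac' name-lists."""
    c_kex, s_kex = parse_name_list(client["kex"]), parse_name_list(server["kex"])
    cipher = negotiate(parse_name_list(client["cipher"]), parse_name_list(server["cipher"]))
    mac = negotiate(parse_name_list(client["mac"]), parse_name_list(server["mac"]))
    strict = STRICT_KEX_CLIENT in c_kex and STRICT_KEX_SERVER in s_kex
    return Assessment(cipher, mac, is_terrapin_exposed(cipher, mac), strict)


# Constructed sample preference lists (OpenSSH-style defaults, chacha first).
UNPATCHED_CLIENT = {
    "kex": "curve25519-sha256,ecdh-sha2-nistp256",
    "cipher": "chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com",
    "mac": "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
}
PATCHED_CLIENT = {**UNPATCHED_CLIENT, "kex": UNPATCHED_CLIENT["kex"] + "," + STRICT_KEX_CLIENT}

UNPATCHED_SERVER = {
    "kex": "curve25519-sha256",
    "cipher": "chacha20-poly1305@openssh.com,aes128-ctr",
    "mac": "hmac-sha2-256-etm@openssh.com",
}
PATCHED_SERVER = {**UNPATCHED_SERVER, "kex": UNPATCHED_SERVER["kex"] + "," + STRICT_KEX_SERVER}

# A server hardened by configuration alone: it simply offers no affected mode.
HARDENED_SERVER = {
    "kex": "curve25519-sha256",
    "cipher": "aes256-gcm@openssh.com,aes128-ctr",
    "mac": "hmac-sha2-256",
}

if __name__ == "__main__":
    for label, c, s in [
        ("unpatched client / unpatched server", UNPATCHED_CLIENT, UNPATCHED_SERVER),
        ("patched client / unpatched server", PATCHED_CLIENT, UNPATCHED_SERVER),
        ("patched client / patched server", PATCHED_CLIENT, PATCHED_SERVER),
        ("unpatched client / hardened server", UNPATCHED_CLIENT, HARDENED_SERVER),
    ]:
        a = assess(c, s)
        print(f"{label}: cipher={a.cipher} mac={a.mac} -> {a.verdict}")
```

The second case is the one the podcast's closing note is about: a patched client talking to an unpatched server still negotiates the chacha20 mode with no strict key exchange, so the countermeasure does nothing until the server is updated too. The last case shows the alternative when an update cannot be deployed yet: removing the affected cipher and MAC modes from the server configuration takes the connection out of the attack's scope regardless of patch state.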

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
