December 19, 2023 at 06:00PM
35 million customers of Comcast Xfinity have been affected by the CitrixBleed vulnerability, leading to a breach of customer data, including sensitive information. Although Comcast promptly patched and mitigated the vulnerability, attackers were still able to exfiltrate a large amount of data over a three-day period. The ongoing threat of CitrixBleed remains high, with active threat groups exploiting it, posing significant risks to organizations.
The CitrixBleed vulnerability resulted in a breach of Comcast Xfinity customer data affecting 35 million individuals. Despite the prompt patching and mitigation efforts claimed by Comcast, the breach occurred from Oct. 16 to 19, leading to the exfiltration of sensitive customer data. The breach prompted the reset of all Xfinity customer passwords, with some customers already receiving the prompt prior to the public disclosure.
CitrixBleed remains an ongoing threat, with indications of active threat groups and ransomware gangs exploiting the vulnerability. Chris Morgan, a cyber threat intelligence analyst at ReliaQuest, highlighted the ease of exploitation and the potential for threat actors to access session tokens even after patching, posing a continued risk for susceptible organizations.
It is imperative that organizations take comprehensive action, including invalidating active and persistent session tokens, to mitigate the ongoing threat posed by CitrixBleed and other potential cybersecurity risks.