Recent Security News
-
Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected
December 19, 2023 at 06:00PM 35 million customers of Comcast Xfinity have been affected by the CitrixBleed vulnerability, leading to a breach of customer data, including sensitive information. Although Comcast promptly patched and mitigated the vulnerability, attackers were still able to exfiltrate a large amount of data over a three-day period. The ongoing threat of…
-
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File
December 19, 2023 at 04:05PM Researchers disclosed two security vulnerabilities in Microsoft Outlook, which, when combined, allow attackers to execute arbitrary code on systems without any user interaction. The vulnerabilities can be triggered using a sound file. Akamai identified the flaws and Microsoft has issued patches, but additional vulnerabilities in the patches have also been…
-
Millions of Xfinity customers’ info, hashed passwords stolen in cyberattack
December 19, 2023 at 03:47PM Millions of Comcast Xfinity customers’ personal data was likely stolen by exploiting Citrix Bleed in October. The breach was discovered during a cybersecurity exercise on October 25, and 35.9 million people were affected. Stolen data includes usernames, hashed passwords, contact details, and secret security question-answers. Xfinity is urging customers to…
-
New Web injections campaign steals banking data from 50,000 people
December 19, 2023 at 03:40PM A new malware campaign, detected by IBM in March 2023, has targeted over 50,000 users across 40 banks globally, attempting to steal banking data. Using JavaScript web injections, the attackers intercepted user credentials and OTPs, gaining access to accounts, changing settings, and performing unauthorized transactions. The evasive campaign employs stealthy…
-
Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE
December 19, 2023 at 03:39PM Akamai security researchers have disclosed multiple bypasses for Microsoft’s patches for an Outlook zero-click remote code execution vulnerability. The original issue, CVE-2023-23397, was exploited by a Russian state-sponsored threat actor, prompting Microsoft to release a patch in March 2023. Akamai identified other bypasses, which Microsoft has subsequently addressed in later…