#Citrixbleed

#MOVEit, #Capita, #CitrixBleed and more: The biggest #data #breaches of #2023

Hackers had a busy year exploiting popular file-transfer tools and targeting under-resourced organizations

techcrunch.com/2023/12/27/move

Hugo Tunius :rust: k0nserv@infosec.exchange
2023-12-21

The Church of Sweden (Svenska Kyrkan) was ransomwared on the 23rd of November. This is now being attributed to BlackCat.

Here's a #Citrixbleed vulnerable server serving a wildcard cert for *.svenskakyrkan.se, last scanned by Shodan on the 23rd. Probably not related at all

Shodan search result for hostname:*.svenskakyrkan.se http.favicon.hash:-1292923998,-1166125415 showing one match (195.67.170.34) running NetScaler Gateway

Marcel SIneM(S)US simsus@social.tchncs.de
2023-12-21

Marcus "MajorLinux" Summers majorlinux@toot.majorshouse.com
2023-12-20

Like I always say, update yo stuff!

Comcast held a virtual door open for thieves to steal data - Desk Chair Analysts

dcanalysts.net/comcast-held-a-

#Citrix #CitrixBleed #Comcast #InfoSec #Security #Xfinity #TechNews #DCA

"Comcast held a virtual door open for thieves to steal data" text laid over the Comcast logo.

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2023-12-20

#Comcast Xfinity data breach affects over 35 million people

A #CitrixBleed fatality.

Data accessed includes customer usernames and hashed* passwords. Xfinity is forcing password changes next time you sign into an account.

In some cases data accessed may include:

- Last 4 of SSN
- DOBs
- Secret Questions / Answers exposed

#cybersecurity #security #infosec #xfinity

theverge.com/2023/12/18/240070

2023-12-19

#Comcast has disclosed a #CitrixBleed-related data breach which affected 35 million #Xfinity customers. The impacted info included names, contact information, last four digits of social security numbers, dates of birth and secret questions and answers.

@GossiTheDog

apps.web.maine.gov/online/aevi

@blogdiva Some of it is probably just #citrixbleed being a particularly nasty combination of a solid exploit for core software infrastructure that tons of big businesses use and habitually lag behind in patching, though of course that is itself on several levels a symptom of an overall problem with how American companies are being run.
2023-12-16

CTS, a cloud provider for legal firms in the UK, who were late patching #CitrixBleed, have appeared on Cactus ransomware's portal today.

They're offering downloads of CTS customer data. #threatintel

2023-12-13

Two days left to patch those Netscalers against #Citrixbleed before you're on change freeze for a month!

2023-12-07

Great take on HHS's #CitrixBleed alert in a recent edition of SANS NewsBites.

2023-12-04

Supply-chain ransomware attack causes outages at over 60 credit unions - Ransomware hits firm that provides cloud services to credit unions in order to ensure that ... tripwire.com/state-of-security #vulnerability #citrixbleed #ransomware #databreach #guestblog #dataloss #malware

2023-12-04

Supply-chain ransomware attack causes outages at over 60 credit unions.

Read more in my article on the Tripwire blog: tripwire.com/state-of-security

#cybersecurity #databreach #ransomware #vulnerability #citrixbleed

Chain snapping in front of notification of cyber security incident.

Matthew Skelton matthewskelton
2023-12-04

"Payments to ransomware and extortion groups need to be outlawed. I know, I know, it will be hard and there’s a million reasons to argue against it and lots of vested interests who don’t want this. ... I mean it — ransomware payments to these groups need to be outlawed, internationally." - Kevin Beaumont (aka @GossiTheDog )

doublepulsar.com/what-it-means

2023-12-04

My mate Nessus here actually putting #citrixbleed lower down the risk rating than SSLv3.
