Cyber Threat Report: Cyber Security News for 01/10/24

Massive Comcast Xfinity Data Breach Impacts 36 Million Customers
Comcast disclosed that hackers exploited a Citrix vulnerability between October 16 and October 19, 2023. Read More

Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V
The company called special attention to a pair of flaws with severe remote code execution risks, urging Windows fleet administrators to prioritize a feature bypass issue in Windows Kerberos and a race condition issue in Windows Hyper-V. Read More

4 Key Takeaways from NIST’s New Guide on AI Cyber Threats
The nearly 100-page paper, titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations,” provides a comprehensive overview of the cybersecurity and privacy risks that come with the rapid development of both predictive and generative AI tools over the last few years. Read More

Hewlett Packard Enterprise to Acquire Juniper Networks for $14 Billion
This acquisition is expected to double HPE’s networking business and expand its portfolio with AI-native networking offerings. Read More

FTC Bans Data Broker From Selling Americans’ Location Data
Under the order released today, the first time data brokers were barred from sharing and selling users' sensitive location data, Outlogic must now delete all unlawfully collected sensitive location data, including any models or algorithms derived from this data. Read More

Data Breach Hits US Department of Transportation, Aviation Records Compromised
The alleged data breach includes crucial details like dates, airlines, flight numbers, origin and destination airports, timing details, distance, and more. Read More

Vulnerabilities Found In High-Power Bosch Wrenches Popular With Carmakers
Threat actors currently can implant ransomware on the device, which can lead to production line stoppages, thus guaranteeing large-scale financial losses for the company. Read More

Merck Settles With Insurers Who Denied $700 Million NotPetya Claim
The undisclosed settlement is the culmination of a years-long court battle that has attracted attention from the cybersecurity and insurance industries because of its implications for defining what constitutes “acts of war” in the cyber context. Read More

Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections
The survey of state and local government leaders across the US found that 14.3% of states were ‘not at all prepared’ to deal with such incidents, with 42.9% only ‘somewhat prepared’ ahead of the 2024 US election cycle. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

Comcast Xfinity confirmed a huge data breach affecting nearly 36 million customers, revealing that hackers exploited a Citrix vulnerability back in October of 2023. The breach exposed personal information, including usernames, passwords, and contact details. Comcast faces two class-action lawsuits and potential regulatory scrutiny for failing to safeguard customer data, with experts highlighting the importance of businesses assessing the security measures of their vendors. 

Microsoft just released urgent fixes for 49 security defects, highlighting critical flaws in Windows Kerberos and Hyper-V, with remote code execution risks. The Windows Kerberos flaw could allow attackers to bypass authentication and execute remote code, while the Hyper-V vulnerability poses a risk due to a race condition. Microsoft advises immediate patching for these issues, emphasizing their severity in the latest Patch Tuesday release for 2024.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.