Cyber Threat Report: Cyber Security News for 12/28/23

Happy New Year and Thank You to Our 7,000+ Readers!

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day 
China-linked hackers continue to target Barracuda Email Security Gateway (ESG) appliances, with recent attacks involving the exploitation of a new zero-day vulnerability.

Comcast’s Xfinity Discloses Massive Data Breach Linked To Citrixbleed Vulnerability
The breach, involving 35.9 million customers, took place just a week after Citrix released a patch for a critical flaw. Exposed customer data includes names, contact info, birth dates, parts of Social Security numbers, and answers to secret security questions.

CBS & Paramount Parent National Amusements Discloses Year-Old Data Breach
CBS parent company National Amusements is informing 80,000 individuals of a December 2022 data breach.

Mint Mobile Reveals Another Major Data Breach
SIM serial numbers and IMEI numbers were stolen from Mint Mobile customers.

3 Main Tactics Attackers Use to Bypass MFA
In notable security breaches, attackers have bypassed MFA to compromise Uber, games company EA, and Okta. Old-school social engineering, malware, and phishing are working just fine.

A Business Model Based On Mass Copyright Infringement
New York Times files a complaint against Microsoft and OpenAI.

The Department of Defense Releases Proposed CMMC Rule
The rule—which is scheduled to be published on December 26, 2023—is over 200 pages.

DOJ & FBI Issue New Guidelines for Delayed Reporting of Cyber Incidents to the SEC
Public companies can seek a delay of disclosure for incidents that pose a substantial risk to national security or public safety.

Integris Health Notifying Patients Of Hack And Warning Them Not To Respond To The Hackers
Patients are being contacted directly by threat actors.

How Congress Can Rein in Data Brokers
When the Federal Trade Commission unsealed a revised complaint against the data broker Kochava, the most eye-opening revelation was how easy it was to obtain the data offered for sale by the firm.


HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

In May 2023, a security flaw (CVE-2023-2868) in Barracuda Email Security Gateway (ESG) was disclosed; a Chinese cyberespionage group, UNC4841, had been exploiting it since October 2022. Mandiant confirmed UNC4841's involvement. The hackers used the flaw to deploy malicious software, and despite Barracuda issuing patches, the attacks persisted. On Christmas Eve, Barracuda revealed a new flaw (CVE-2023-7102), exploited by UNC4841 to deliver malware through Excel files. Barracuda released a patch and advised addressing another vulnerability (CVE-2023-7101) in the 'Spreadsheet::ParseExcel' library. UNC4841 had previously targeted entities in 16 countries, including governments, academics, and foreign trade offices.

A cybersecurity breach at Comcast's residential cable unit, Xfinity, has exposed confidential information of nearly 36 million customers. The breach occurred when hackers exploited Citrix Bleed, a critical vulnerability in Citrix networking devices widely used by major corporations. The delay in implementing Citrix's October patches left many vulnerable. Hackers used Citrix Bleed to access Xfinity systems in mid-October, compromising customer information such as usernames, scrambled passwords, names, contact info, birth dates, parts of Social Security numbers, and answers to security questions. Citrix recommends users update their devices promptly to address security issues.

