Cybersecurity Briefing: December 12, 2023 - Major Breaches and Vulnerabilities
Tuesday, December 12, 2023
Lead Story: HPE Breach by Midnight Blizzard
On December 12, 2023, Hewlett Packard Enterprise (HPE) confirmed a significant data breach attributed to the Russia-linked threat actor Midnight Blizzard. The attack, which began in May 2023, compromised HPE's Microsoft Office 365 email environment. Sensitive data was exfiltrated from mailboxes within HPE's cybersecurity and business divisions. Affected individuals were notified today, raising alarms about the persistent threat of nation-state actors targeting major enterprises. This incident underscores the urgent need for robust security measures in cloud environments.
Source: Security Affairs
Xfinity Customer Data Breach
Comcast has disclosed a data breach affecting approximately 36 million Xfinity customers. The breach was linked to a vulnerability in Citrix ADC software, which allowed attackers to access sensitive information, including names, email addresses, and Social Security numbers. Citrix is set to release a patch on December 15, 2023, following Comcast's application of a fix on December 16. This incident highlights the risks associated with third-party software vulnerabilities.
Source: HTTPCS Blog
Apache Struts Critical Vulnerability (CVE-2023-50164)
A critical security flaw in Apache Struts, identified as CVE-2023-50164, has been disclosed; it allows remote code execution. The flaw is being actively exploited, prompting urgent attention from organizations using this framework. The Apache Software Foundation has announced that a patch will be released on December 16, 2023. Organizations are urged to prioritize patching to mitigate the risk of exploitation.
Source: HTTPCS Blog
Analyst Perspective
The events of December 12, 2023, demonstrate the escalating threats from both nation-state actors and vulnerabilities in widely used software. HPE's breach serves as a stark reminder of the persistent risk posed by advanced threat groups, while the Xfinity breach and the critical Apache Struts vulnerability highlight the cascading effects of software weaknesses that can impact millions. Organizations must enhance their security posture through proactive vulnerability management and rapid incident response to navigate this complex threat landscape.