Security News
Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million of Xfinity customers. CVE-2023-4966 - an information disclosure vulnerability in Citrix NetScaler ADC/Gateway devices - was disclosed on October 10, when Citrix issued a patch to fix the vulnerability.
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. Similar to Gmail, Xfinity allows customers to configure a secondary email address to be used for account notifications and password resets in the event they lose access to their Xfinity account.
More details about a now-patched vulnerability in Comcast's XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency communications between the remote and the set-top box, effectively turning the remote into a surveillance device. The XR11 remotes are some of the most common around, with more than 18 million scattered across homes in the U.S. A man-in-the-middle attack conducted by researchers at Guardicore, dubbed "WarezTheRemote," allowed the team to listen in on conversations from up to 65 feet away.
One of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. "In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."
Researchers from segmentation solutions provider Guardicore have identified a series of vulnerabilities that could have been exploited by a hacker to turn a TV remote into a spying device. The research focused on the XR11 remote provided by Comcast to Xfinity customers.
Could your cable TV device spy on you? Vulnerability found and patched in Comcast TV remote. Security firm Guardicore reverse-engineered the firmware update process for Comcast's XR11 remote to take control of the device.
A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it. Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device.
A security flaw allowing attackers to remotely snoop in on victims' private conversations was found to stem from an unexpected device - their TV remotes. The flaw stems from Comcast's XR11, a popular voice-activated remote control for cable TV, which has more than 18 million units deployed across the U.S. The remote enables users to say the channel or content they want to watch rather than keying in the channel number or typing to search.
Dubbed WarezThe Remote, the attack allowed taking over the remote and snooping on conversations from at least 65 feet, making possible a "Van parked outside" scenario. Unlike regular remotes that use infrared, Comcast's XR11 relies on radiofrequency to communicate with cable set-top boxes and comes with a built-in microphone to allow voice commands.
Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced. This means the ISP, which has joined Moz's Trusted Recursive Resolver Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels.