Bulletin — December 2023
EU AI Act reaches political agreement after a 38-hour trilogue. Comcast Xfinity notifies 35.7M accounts via Citrix Bleed. BlackCat suffers a law-enforcement operation. Sleeper agents paper in preprint. Year retrospective.
Manuel López Pérez

December closes a long year. Three specific notes — EU AI Act, Comcast Xfinity, BlackCat takedown — and a retrospective with the five incidents that best define 2023.
EU AI Act — political agreement of 9 December
After a 38-hour trilogue, Council and Parliament close the deal. Technical text and OJEU publication still pending (expected July 2024). General application 24 months later; some obligations sooner (Article 5 prohibitions at 6 months; GPAI at 12 months). Fines up to €35M or 7% of global turnover for prohibited systems.
We’ve published the operational analysis: which obligations arrive, when, and over whom. For a CISO/DPO in 2024 the work starts with inventory and classification; the binding obligations don’t land until 2025 at the earliest.
Comcast Xfinity — 35.7M accounts via Citrix Bleed
18 December. Comcast notifies that personal data on 35.7 million Xfinity accounts was exposed in a compromise between 16 and 19 October. Initial vector: Citrix Bleed (CVE-2023-4966), patched by Comcast on 23 October — several days late relative to the 10 October advisory. Attackers entered through the window between patch availability and effective application.
Data exposed: names, hashed passwords, partial SSN, dates of birth, security questions/answers. Comcast forces a global password reset.
This is the largest documented Citrix Bleed case (covered in the October post) and underlines the operational lesson: a 10–13 day patch cycle isn’t enough when the bug is being actively exploited as a zero-day before disclosure.
BlackCat / ALPHV — Operation Cronos preview
19 December. The BlackCat (ALPHV) extortion portal disappears from the internet. “This website has been seized” appears on the page, with logos from the FBI, Europol and 13 other agencies. BlackCat responds by setting up a mirror and claims the takedown wasn’t complete.
It’s the preview of Operation Cronos, the coordinated operation made public in February 2024 against LockBit. In December 2023 we only see the initial phase: the FBI publishes a free decryption tool for BlackCat victims, generated from keys obtained during the operation.
Operational impact at year-end: significant drop in BlackCat-attributed victims through December; the group’s affiliates move to other operators.
Source: https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
Sleeper agents — paper preprint
Through December, Anthropic shares drafts of the formal sleeper-agents paper. Official publication lands on 12 January 2024 (arXiv:2401.05566). Concept: models trained with a hidden trigger that pass safety training and behave adversarially in production.
We’ve covered what’s known and what’s debated in the November post.
2023 retrospective — five incidents that best define the year
Without pretending to an exhaustive ranking, the five events whose echo we’ll feel most in 2024:
1. MOVEit / Cl0p — June
Cl0p turns a pre-auth SQLi in MOVEit Transfer into a campaign that ends with 2,700+ organisations. The largest software-extortion campaign of the decade. Covered in the dedicated post and the June bulletin.
Echo in 2024: bug class and modus operandi repeatable in any managed file transfer. The next MFT with a critical bug will get the same treatment.
2. Storm-0558 — July
Microsoft admits a suspected China-nexus actor accessed US government mailboxes for months with a stolen key that had been active for two years. Covered in the July bulletin.
Echo in 2024: Microsoft changes policy and publishes detailed audit logs across all E3+ tiers from September. CSRB publishes the report in April 2024 with recommendations affecting the whole cloud sector.
3. Citrix Bleed — October / November
CVE-2023-4966 exposes session tokens on NetScaler. Boeing, ICBC, Comcast (35.7M accounts), DP World fall between October and December. Covered in the October post.
Echo in 2024: session-based MFA stops being sufficient. Session binding, device posture, continuous evaluation go from nice-to-have to requirement.
4. Sydney + Greshake — February (and all of AI security through the year)
On 8 February Kevin Liu extracts Bing Chat’s system prompt. On 23 February Greshake et al. publish the canonical paper on indirect prompt injection. What follows: markdown exfil in April, GCG suffix in July, confused deputy in September, foreshadowed sleeper agents in November.
Echo in 2024: AI security professionalises. OWASP LLM Top 10 v1.0 in August, AI Act in December, first wave of commercial defence tools (Lakera, Protect AI, NeMo Guardrails).
5. OpenSLP / ESXiArgs — February
A 2021 vulnerability, still unpatched, serves as the base for a massive ransomware campaign against VMware ESXi. 2,400+ encrypted servers. Covered in the February bulletin.
Echo in 2024: the patch-hygiene lesson on enterprise virtualisation doesn’t get learned. The same pattern repeats on different hypervisors throughout 2024.
Rest of the month
- CVE-2023-50164 — Apache Struts2 pre-auth RCE, leaves several commercial products exposed (Cisco ISE among them).
- Google AI policy changes — updates terms for Gemini integration in Workspace, with specific data scope for business plans.
- KyberSlash — vulnerability in the ML-KEM library (Kyber post-quantum), patched before official disclosure. Low impact for 2023, medium-term relevance.
Cross-cutting pattern of the year
If I have to distil 2023 in one sentence: the operational attacker invests time, the defender works in a hurry. APT28 sits inside the Outlook NTLM bug for a year before the patch. UNC4841 sits inside Barracuda for 7 months. Cl0p weaponises MFT zero-days with industrial discipline. Storm-0558 keeps a stolen key active for two years. AI security actors publish papers over months. The defender — who has to patch, rotate, investigate, train the team — works in weeks and, when there’s an incident, in days.
The 2024 operational plan that comes out of 2023 is clear: reduce the delta between attacker time and defender time. That runs through less perimeter, more telemetry, patch + rotate instead of patch alone, and accepting that any appliance opaque to the customer is a shared responsibility with the vendor — not delegated ownership.
That closes the year. See you in January with the first 2024 post and a calendar that already has dates marked: EU AI Act final text in Q1, GPAI obligations countdown starting.


