T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features.

APIs are essentially instructions that allow applications to access data and interact with web databases. But left improperly secured, these APIs can be leveraged by malicious actors to mass-harvest information stored in those databases. In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia.

The company said it first learned of the incident on Jan. 5, 2022, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022. T-Mobile says it is in the process of notifying affected customers, and that no customer payment card data, passwords, Social Security numbers, driver’s license or other government ID numbers were exposed.

In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company. That breach came to light after a hacker began selling the records on a cybercrime forum.

Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach. The company pledged to spend $150 million of that money toward beefing up its own cybersecurity. In its filing with the SEC, T-Mobile suggested it was going to take years to fully realize the benefits of those cybersecurity improvements, even as it claimed that protecting customer data remains a top priority.

“As we have previously disclosed, in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity,” the filing reads. “We have made substantial progress to date, and protecting our customers’ data remains a top priority.”

Despite this being the second major customer data spill in as many years, T-Mobile told the SEC the company does not expect this latest breach to have a material impact on its operations. While that may seem like a daring thing to say in a data breach disclosure affecting a significant portion of your active customer base, consider that T-Mobile reported revenues of nearly $20 billion in the third quarter of 2022 alone. In that context, a few hundred million dollars every couple of years to make the class action lawyers go away is a drop in the bucket.

The settlement related to the 2021 breach says T-Mobile will make $350 million available to customers who file a claim. But here’s the catch: If you were affected by that 2021 breach and you haven’t filed a claim yet, please know that you have only three more days to do that.

If you were a T-Mobile customer affected by the 2021 incident, it is likely that T-Mobile has already made several efforts to notify you of your eligibility to file a claim, which includes a payout of at least $25, with the possibility of more for those who can document direct costs associated with the breach. OpenClassActions.com says the filing deadline is Jan. 23, 2023.

“If you opt for a cash payment you will receive an estimated $25.00,” the site explains. “If you reside in California, you will receive an estimated $100.00. Out of pocket losses can be reimbursed for up to $25,000.00. The amount that you claim from T-Mobile will be determined by the class action administrator based on how many people file a legitimate and timely claim form.”

There are currently no signs that hackers are selling this latest data haul from T-Mobile, but if the past is any teacher much of it will wind up posted online soon. It is a safe bet that scammers will use some of this information to target T-Mobile users with phishing messages, account takeovers and harassment. T-Mobile customers should fully expect to see phishers taking advantage of public concern over the breach to impersonate the company — and possibly even send messages that include the recipient’s compromised account details to make the communications look more legitimate.

Data stolen and exposed in this breach may also be used for identity theft. Credit monitoring and ID theft protection services can help you recover from having your identity stolen, but most will do nothing to stop the ID theft from happening. If you want the maximum control over who should be able to view your credit or grant new lines of credit in your name, then a security freeze is your best option.

Regardless of which mobile provider you patronize, please consider removing your phone number from as many online accounts as you can. Many online services require you to provide a phone number upon registering an account, but in many cases that number can be removed from your profile afterwards.

Why do I suggest this? Many online services allow users to reset their passwords just by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over your phone number thanks to an unauthorized SIM swap or mobile number port-out, divorce, job termination or financial crisis can be devastating.
U.S. Telecommunications giant T-Mobile disclosed on Thursday that hackers obtained data on 37 million customers through a vulnerable API (application program interface). The disclosure was included in an 8-K filing with the U.S. Securities and Exchange Commission.
The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.
Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure.
Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.
Layoffs across multiple industries throughout 2022 have coincided with increased efforts by threat actors to target job seekers; ZeroFox Intelligence identified a 30 percent increase in accounts impersonating organizations from Q3 to Q4 in 2022.
Sucuri researchers came across two different database infections. The first injection redirects users to a spammy sports website and the second injection boosts the authority of a spammy casino website within search engines.
Industrial control system (ICS) operators are being let down by their vendors, after new research revealed that 35% of CVEs published in the second half of 2022 still have no available patch.
While the CSF was initially established as a non-mandatory resource for critical infrastructure, the planned update aims to be more broadly tailored for organizations within government, academia, and industry.
Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom.
Synthetic media is video, sound, pictures, virtual objects, or words produced or aided by AI. This includes deepfake video and audio, text-prompted AI-generated art, and AI-generated digital content in VR and AR environments.
Cyber adversaries are mimicking popular software tools in a widespread malvertising campaign that distributes different info-stealers, primarily the IcedID trojan, followed by Vidar Stealer. Similar campaigns propagating other malware, such as Rhadamanthys Stealer and BatLoader, were also observed.
The Government Accountability Office said Thursday that U.S. federal departments have implemented just 40% of the cybersecurity recommendations the watchdog agency has issued since 2010.
There was a 48 percent year-over-year jump in 2022 in cyberattacks on cloud-based networks, and it comes at a time when 98 percent of global organizations use cloud services, according to Check Point researchers.
The telecom giant said that the affected data includes name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features.
The Department of Financial Services (DFS) under the Ministry of Finance organized a half-day symposium on cyber security titled Financial Services Cyber Security (FINSCY) in New Delhi on Wednesday.
A report by Recorded Future on the widespread use of Magecart e-skimming revealed nearly 60 million compromised payment card records were posted for sale on dark web platforms. Researchers identified 1,520 unique malicious domains involved in the infection of 9,290 unique eCommerce websites at some point during the year.
The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems.
The postal company, part of International Distributions Services Plc, said it had also resumed exports of letters and from 1900 GMT customers could begin submitting international export letters to its network.
The vulnerabilities can be triggered when a higher-level user simply previews or visits any post by the malicious user, as these social links seem to be included in all of a user's posts.
The HHS has launched a pilot program to tackle Medicare fraud using tree-based artificial intelligence models and deep learning approaches, HHS Chief Information Officer Karl Mathias said Wednesday.
Researchers found a highly sophisticated scheme in which cybercriminals exploited the limited signal available to the verification partners in their targeted environment, including in-app advertising mainly on iOS.
BitKeep says it will compensate victims of a December 2022 hack that cost users $8 million. BitKeep says hacking victims will receive half their stolen funds by the end of February, with the remaining funds slated for payment by the end of March.
Costa Rica’s government has suffered another ransomware attack just months after several ministries were crippled in a wide-ranging attack by hackers using the Conti ransomware.
Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data.
Vulnerability management issues are a common problem for many healthcare entities and can become an even bigger concern when unremediated issues are left to linger for years.
A majority of the financial apps targeted by the new Hook malware are located in the U.S., Spain, Australia, Poland, Canada, Turkey, the U.K., France, Italy, and Portugal.
The latest findings from BlackBerry demonstrate an evolution in the group's tactics, wherein a hard-coded Telegram channel is used to fetch the IP address of the server hosting the malware. The IP addresses are periodically rotated.
The CrySIS/Dharma ransomware family has been around for several years – dating back to at least 2016. At least one version of the ransomware had its source code leaked, allowing anyone to purchase and repurpose it for their own ends.
Several vulnerabilities described as having a critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.
Debian Linux Security Advisory 5323-1 - It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.
Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and uses a buffer overflow in libXM ParseColors().
Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
Ubuntu Security Notice 5815-1 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
Ubuntu Security Notice 5814-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.
Ubuntu Security Notice 5813-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5810-2 - USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
In wolfSSL version 5.3.0, man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (above 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer which points to non-allocated memory, causing the client to crash with a “free(): invalid pointer”. Note: It is likely that this is also exploitable in TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3 it is not possible to exploit this as a man-in-the-middle. This bug was discovered using the novel symbolic-model-guided fuzzer tlspuffin.
wolfSSL versions prior to 5.5.0 suffer from a denial of service condition related to session resumption. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. The bug occurs after a client performs a handshake against a wolfSSL server and then closes the connection. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello, which resumes the previous session, crashes the server. Note that this bug only exists in resumed handshakes using TLS session resumption. This bug was discovered using the novel symbolic-model-guided fuzzer tlspuffin.
Red Hat Security Advisory 2023-0069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.24.
Red Hat Security Advisory 2023-0264-01 - An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location,
The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information. At the heart of the ruling is an update to the messaging platform's Terms of Service that was enforced in the days leading to the enforcement of the General Data Protection Regulation (GDPR) in May 2018,
Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.
Anyone fancying a quick bite to eat in the UK may have found their choices more limited than usual on the high street. Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands. Read more in my article on the Hot for Security blog.
Wireless network operator T-Mobile has suffered yet another data breach. And we shouldn't be at all surprised if fraudsters use the information that they have stolen to send convincing phishing messages and scams.