CyberSecurity Updates

20 Jan

Tech support scammers are still at it: Here’s what to look out for in 2023

Information

Hello, is it me you’re looking for? Fraudsters still want to help you fix a computer problem you never had in the first place. Tech support scammers have been offering bogus technical support services and “resolving” people’s non-existent problems with their devices or software for years. Using a range of tried-and-tested social engineering tricks, they’ve had considerable success duping victims into handing over their money or sensitive data such as passwords and financial details. It’s…

Read More
20 Jan

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

Information

by Paul Ducklin GUESS YOUR PASSWORD? NO NEED IF IT’S STOLEN ALREADY! Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can…

Read More
19 Jan

New T-Mobile Breach Affects 37 Million Accounts

Data Breaches, Information, Insights

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a “bad actor” abused an application programming interface (API) to…

Read More
19 Jan

T-Mobile Says Hackers Used API to Steal Data on 37 Million Accounts

Information, News

Wireless carrier T-Mobile on Thursday fessed up to another massive data breach affecting  approximately 37 million current postpaid and prepaid customer accounts. In a filing with the Security and Exchange Commission (SEC), T-Mobile said that an unidentified malicious actor abused an API without authorization to access customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan…

Read More
19 Jan

Ukraine Links Data-Wiping Attack on New Agency to Russian Hackers

Attacks, Malware

It has almost been a year since the invasion of Ukraine, and security researchers have discovered a series of new malware deployed against Ukrainian targets. These attacks have caused more global cooperation in support of Ukraine as well as a better understanding of Russian cyber capabilities and tactics. Russians have been targeting telecommunications, new agencies, and social media platforms to disrupt the flow of information within Ukraine. Although several attacks have been successful, CERT-UA has…

Read More
19 Jan

Mailchimp Suffers Second Data Breach in Last Six Months

Attacks, Malware

After the first breach was suffered, Mailchimp stated they’d be reassessing their security posture and making changes. Now that a second breach has occurred, it’s unclear if they did not take these steps, or their new defenses simply failed. Taking preventative security measures can go a long way and save valuable time, money, and reputation. Cyber attacks are not slowing down anytime soon, so it’s advised that companies that have not taken the next steps…

Read More
19 Jan

PayPal Accounts Breached in Credential Stuffing Attack

Attacks, Malware

Credential stuffing attacks are a technique of using lists of credentials from past data breaches against a new site, with the goal of finding an account that reuses those compromised credentials across multiple sites. From and organizational standpoint, the best action to take against credential stuffing attacks is to educate end users on this form of attack and advise them of the dangers of using an identical password across multiple sites. In many cases, however,…

Read More
19 Jan

Many ICS flaws remain unpatched as attacks against critical infrastructure rise

Data Breaches, Malware, Social Engineering

Patching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements, and sometimes the age of devices. According to a recent analysis, a third of vulnerabilities don’t even have patches or remediations available. Out of 926 CVEs — unique vulnerability identifiers — that were included in ICS advisories from the US Cybersecurity and Infrastructure Security Agency (CISA) during the second half of 2022, 35% had no patch or remediation available…

Read More
19 Jan

IOTW: Mailchimp suffers another social engineering attack

Attacks, Data Breaches

Marketing automation company Mailchimp has reported that it has been the victim of a social engineering attack-related data breach. This marks the second attack of this kind the company has suffered in less than a year.  The breach took place on January 11 and, according to Mailchimp, involved an “unauthorized actor accessing one of [the] tools used by Mailchimp customer-facing teams for customer support and account administration”.   Following this, the malicious actor launched social engineering…

Read More
19 Jan

Chinese hackers targeted Iranian government entities for months: Report

Data Breaches, Malware, Social Engineering

Chinese advanced persistent threat actor, Playful Taurus, targeted several Iranian government entities between July and December 2022, according to a Palo Alto Networks report.  The Chinese threat actor also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according to the report. “Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and…

Read More