CyberSecurity Updates

20 Jan

Are smart devices cyber secure?

Attacks, Data Breaches

Cyber Security Hub takes a deep dive into smart devices and whether they can hold up against cyber attacks targeting them. In December 2022, Cyber Security Hub asked a range of experts to predict what threats would dominate the cyber security threat landscape in 2023. Tina Grant, quality assessor at UK-based aerospace company Aeorspheres, predicted that cyber attacks targeting smart devices would rise. As artificial intelligence (AI) and machine learning (ML) have developed, the technologies…

Read More
20 Jan

T-Mobile suffers 8th data breach in less than 5 years

Data Breaches, Malware, Social Engineering

Telecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of the personal details of 37 million users, the company reported in a filing to the US Securities and Exchange Commission on Thursday.  Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed, the company revealed.  However, T-Mobile in a…

Read More
20 Jan

Tech support scammers are still at it: Here’s what to look out for in 2023

Information

Hello, is it me you’re looking for? Fraudsters still want to help you fix a computer problem you never had in the first place. Tech support scammers have been offering bogus technical support services and “resolving” people’s non-existent problems with their devices or software for years. Using a range of tried-and-tested social engineering tricks, they’ve had considerable success duping victims into handing over their money or sensitive data such as passwords and financial details. It’s…

Read More
20 Jan

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

Information

by Paul Ducklin GUESS YOUR PASSWORD? NO NEED IF IT’S STOLEN ALREADY! Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can…

Read More
19 Jan

New T-Mobile Breach Affects 37 Million Accounts

Data Breaches, Information, Insights

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a “bad actor” abused an application programming interface (API) to…

Read More
19 Jan

T-Mobile Says Hackers Used API to Steal Data on 37 Million Accounts

Information, News

Wireless carrier T-Mobile on Thursday fessed up to another massive data breach affecting  approximately 37 million current postpaid and prepaid customer accounts. In a filing with the Security and Exchange Commission (SEC), T-Mobile said that an unidentified malicious actor abused an API without authorization to access customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan…

Read More
19 Jan

Ukraine Links Data-Wiping Attack on New Agency to Russian Hackers

Attacks, Malware

It has almost been a year since the invasion of Ukraine, and security researchers have discovered a series of new malware deployed against Ukrainian targets. These attacks have caused more global cooperation in support of Ukraine as well as a better understanding of Russian cyber capabilities and tactics. Russians have been targeting telecommunications, new agencies, and social media platforms to disrupt the flow of information within Ukraine. Although several attacks have been successful, CERT-UA has…

Read More
19 Jan

Mailchimp Suffers Second Data Breach in Last Six Months

Attacks, Malware

After the first breach was suffered, Mailchimp stated they’d be reassessing their security posture and making changes. Now that a second breach has occurred, it’s unclear if they did not take these steps, or their new defenses simply failed. Taking preventative security measures can go a long way and save valuable time, money, and reputation. Cyber attacks are not slowing down anytime soon, so it’s advised that companies that have not taken the next steps…

Read More
19 Jan

PayPal Accounts Breached in Credential Stuffing Attack

Attacks, Malware

Credential stuffing attacks are a technique of using lists of credentials from past data breaches against a new site, with the goal of finding an account that reuses those compromised credentials across multiple sites. From and organizational standpoint, the best action to take against credential stuffing attacks is to educate end users on this form of attack and advise them of the dangers of using an identical password across multiple sites. In many cases, however,…

Read More
19 Jan

Many ICS flaws remain unpatched as attacks against critical infrastructure rise

Data Breaches, Malware, Social Engineering

Patching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements, and sometimes the age of devices. According to a recent analysis, a third of vulnerabilities don’t even have patches or remediations available. Out of 926 CVEs — unique vulnerability identifiers — that were included in ICS advisories from the US Cybersecurity and Infrastructure Security Agency (CISA) during the second half of 2022, 35% had no patch or remediation available…

Read More