<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 11/22/2019

Breaches_ITSEC-1

T-Mobile Discloses Data Breach Impacting Prepaid Customers

T-Mobile said today in a data breach notification that the account information of an undisclosed number of customers using the company's prepaid services was accessed by an unauthorized third-party. "Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account," the breach notification says.


Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made. This is an unfortunate story and one that BleepingComputer does not enjoy telling, but with Maze's actions it is important to be told.


WeWork customer contracts were left exposed on GitHub

Confidential contracts belonging to clients of WeWork were left exposed and accessible to the public via GitHub. The leak was first spotted by Mossab Hussein, a security researcher at Dubai-based security firm SpiderSilk. The issue affected a subset of WeWork customers based in Europe, India and China, and exposed details including phone numbers, addresses and bank account details.

Hacking_ITSEC

Linux Webmin Servers Under Attack by Roboto P2P Botnet

Vulnerable Linux Webmin servers are under active attack by a newly-discovered peer-to-peer (P2P) botnet, dubbed Roboto by researchers. The botnet is targeting a remote code-execution vulnerability (CVE-2019-15107) in Webmin, a web-based system configuration tool for Linux servers. CVE-2019-15107 was previously patched on Aug. 17 and can be mitigated by updating to Webmin 1.930, said researchers with NetLab 360.

Info_Security_ITSEC

Malwarebytes Explained: juice jacking

When your battery is dying and you’re nowhere near a power outlet, would you connect your phone to any old USB port? Joyce did, and her mobile phone got infected. How? Through a type of cyberattack called “juice jacking.” Don’t be like Joyce. Although Joyce and her infected phone are hypothetical, juice jacking is technically possible. The attack uses a charging port or infected cable to exfiltrate data from the connected device or upload malware onto it.