T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of tens of millions of individuals. The massive breach impacts roughly 7.8 million T-Mobile postpaid customers, 850,000 T-Mobile prepaid users, and approximately 40 million former or prospective ones. Adding it all up, the attackers stole records belonging to 48.6 million individuals, including current, former, or prospective T-Mobile customers. READ MORE...
Hundreds of thousands of Indiana residents are being notified of a data breach involving responses collected via the Hoosier State's COVID-19 online contact tracing survey. A software misconfiguration that left information exposed to the public was discovered by an unnamed vulnerability-hunting company. The company informed state officials of the breach on July 2 after they were able to access and download the data. READ MORE...
Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. The campaigns have been attributed to the Iranian APT group known as Lyceum, Hexane, and Siamesekitten, running espionage campaigns since at least 2018. In multiple attacks detected in May and July, the hackers combined social engineering techniques with an updated malware variant that would ultimately give them remote access to the infected machine. READ MORE...
"We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to link the activity to the Kremlin." This is what Jon DiMaggio, Chief Security Stretegist for Analyst1, said in an interview with CBS News following the release of its latest whitepaper, entitled "Nation State Ransomware". The whitepaper is Analyst1's attempt to identify the depth of human relationships between the Russian government and the ransomware threat groups based in Russia. READ MORE...
Adobe has issued a warning for a pair of major security vulnerabilities affecting its popular Photoshop image manipulation software. The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. The updates, available for Photoshop 2020 and Photoshop 2021, are being pushed via the software's automatic updating mechanism. READ MORE...
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend. "On Friday night (13) a ransomware attack on the internal network of the National Treasury Secretariat was identified," the Brazilian government revealed on Saturday evening. The threat was contained after the attack was detected, and the Federal Police was contacted immediately after the containment measures were applied. READ MORE...
Operators of an apparent Russian propaganda campaign shared coronavirus disinformation in an effort to influence the American far-right, according to a report out Tuesday by cybersecurity firm Recorded Future. The findings are included in a new report shedding light on a long-running Russian propaganda campaign known as Operation Secondary Infektion. The years-long campaign has used regional European websites, forged documents and throwaway accounts to further Russia's political agenda in Europe. READ MORE...
Security researchers have found yet another critical IoT supply chain vulnerability affecting millions of devices, which could enable attackers to eavesdrop on real-time camera feeds. Mandiant revealed the CVE-2021-28372 bug yesterday after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA). It affects devices using the "Kalay" platform from Taiwanese firm ThroughTek, which makes software for OEMs to use in IP cameras, digital video recorders, and more READ MORE...