IT Security Newsletter

IT Security Newsletter - 8/23/2021

Written by Cadre | Mon, Aug 23, 2021

T-Mobile Breach Now Affects 54.6 Million Individuals

Around six million more current and former T-Mobile customers were affected by a recently disclosed data breach, the US carrier has revealed. The firm said it was confident it had now closed off access and egress points for the attack but admitted that the breach impacted many more individuals than at first thought. It said 5.3 million more post-paid customers accounts were compromised, exposing names, addresses, date of births, phone numbers, IMEIs and IMSIs. READ MORE...

AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million. READ MORE...

NYC Teachers' Social Security Numbers Exposed

High school students who raised the alarm after discovering a severe data breach involving teachers' personal information say they were ignored for months. In January, students at Brooklyn Technical High School reportedly stumbled across a Google Drive containing documents uploaded by staff and students at schools across New York City. Among the documents were college recommendation letters, classwork, and parent-teacher conference sign-up sheets. READ MORE...

How attackers could exploit breached T-Mobile user data

T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. The exposed details differed across different types of customers, so the level of risk users are exposed to varies. Victims of the T-Mobile or any other breach where personal data is stolen should be aware of follow-on attacks and take steps to mitigate them. These include SMS/text-based phishing, SIM swapping and unauthorized number porting. READ MORE...

New LockFile Ransomware Variant Exploits "PetitPotam" Bug

Researchers are warning of a new ransomware variant spreading globally via exploitation of the "PetitPotam" vulnerability partially patched by Microsoft last week. Symantec said the "LockFile" variant was first spotted on July 20 in an attack on a US financial services organization and has subsequently targeted at least ten corporate victims around the world up to August 20. READ MORE...

Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits

Researchers have discovered a Nigerian threat actor trying to turn an organization's employees into insider threats by soliciting them to deploy ransomware for a cut of the ransom profits. Researchers at Abnormal Security identified and blocked a number of emails sent earlier this month to some its customers that offered people $1 million in bitcoin to install DemonWare ransomware. The would-be attackers said they have ties to the DemonWare ransomware group, also known as Black Kingdom or DEMON, they said. READ MORE...

Web Censorship Systems Can Facilitate Massive DDoS Attacks

Researchers are warning internet censorship systems are ripe for abuse by a new type of distributed denial of service (DDoS) attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be "extremely detrimental to any network" if carried out. Netscout, which detailed the attack vector, dubbed the type of DDoS attack a Middlebox HTTP Reflection/Amplification (MBHTTP) misconfiguration vulnerability. READ MORE...

Razer bug lets you become a Windows 10 admin by plugging in a mouse

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. READ MORE...

  • ...in 1889, the first ship-to-shore wireless message is received.
  • ...in 1966, the unmanned Lunar Orbiter 1 spacecraft takes the first-ever photograph of Earth from orbit around the Moon.
  • ...in 1990, West and East Germany announce their formal reunification, to be made effective on October 3, 1990.
  • ...in 1991, the World Wide Web is first opened to the general public.