SecureWorld News

NOVEMBER 20, 2023

Federal Communications Commission (FCC) has adopted new rules aimed at enhancing security measures for cell phone accounts. SIM swapping involves the unauthorized transfer of a user's account to a SIM card controlled by malicious actors, achieved by convincing the victim's wireless carrier to make the change.

Mobile 85

Mobile Wireless Artificial Intelligence Accountability 85

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications 99

Telecommunications Authentication Passwords Accountability 99

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability 332

Accountability Mobile Banking Passwords 332

Security Affairs

JANUARY 31, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, An authenticated administrator can exploit the issue by sending specially crafted requests and execute arbitrary commands on the appliance. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN 100

VPN Malware Authentication Small Business 100

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance 143

Surveillance Authentication Telecommunications Manufacturing 143

Krebs on Security

JANUARY 29, 2020

KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.

Social Engineering 243

Social Engineering Telecommunications Data privacy Engineering 243

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 98

Mobile Cryptocurrency Authentication Accountability 98

Security Affairs

JANUARY 16, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, An authenticated administrator can exploit the issue by sending specially crafted requests and execute arbitrary commands on the appliance. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN 90

VPN Authentication Small Business Telecommunications 90

Security Affairs

AUGUST 31, 2021

ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthentication attackers to access emails from a target account. The issue could be exploited by an unauthenticated attacker to access emails from a target account. Authentication is not required to exploit this vulnerability.”

Authentication 90

Authentication Telecommunications Accountability Information Security 90

Security Affairs

DECEMBER 7, 2023

The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Government 117

Government Telecommunications Accountability Phishing 117

eSecurity Planet

JULY 18, 2023

government agency email accounts, but some details remain a mystery. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker group Storm-0558 breached an undisclosed number of email accounts belonging to 25 organizations, including U.S. This issue has been corrected.”

Accountability 74

Accountability Government Authentication Telecommunications 74

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home.

Phishing 353

Phishing VPN Social Engineering Media 353

Security Boulevard

SEPTEMBER 28, 2022

Optus, the second-largest telecommunications company in Australia, has experienced an API security incident – and it might come with a $1 million price tag. According to the OWASP API Security Top 10, broken user authentication constitutes the second biggest API vulnerability. Growing API Usage in Telco Sector Increases Security Risks.

Telecommunications 52

Telecommunications IoT Authentication Digital transformation 52

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Accounting for humans. Each of these organizations performs cyber operations for various reasons.

Cybersecurity 188

Cybersecurity Cybercrime Education Passwords 188

NopSec

JUNE 28, 2022

A new advisory from top federal security and law enforcement agencies warns that state-sponsored cyber actors from the People’s Republic of China (PRC) are exploiting vulnerabilities in commonly used network devices to data from major telecommunications providers.

Telecommunications 52

Telecommunications Authentication Small Business Passwords 52

Malwarebytes

APRIL 14, 2022

The primary goal of Zloader was originally financial theft, stealing account login IDs, passwords and other information to take money from people’s accounts. Microsoft worked with telecommunications providers around the world to disrupt key Zloader infrastructure. Disruption. Stay safe, everyone!

Backups 125

Backups Telecommunications Banking Internet 125

Security Affairs

OCTOBER 13, 2021

The experts analyzed the case of a campaign targeting the customers of the telecommunication giant Verizon, attackers used a square root symbol, a logical NOR operator, or the checkmark symbol itself. The trick adopted by the crooks aims at creating a sort of optical interference that could allow bypassing anti-spam solutions.

Phishing 98

Phishing Telecommunications Accountability Marketing 98

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile 100

Mobile VPN Social Engineering Telecommunications 100

Malwarebytes

OCTOBER 5, 2021

“A global privacy disaster”, “espionage gold”, and “a state-sponsored wet dream” are just some of the comments one can read regarding the breach at Syniverse, a key player in the tech/telecommunications industry that calls itself the “center of the connected world.”

Telecommunications 70

Telecommunications Mobile Accountability Authentication 70

Security Affairs

SEPTEMBER 19, 2023

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The experts reported that the group exfiltrates documents from target systems and attempts to steal email account credentials. “The name of the loader’s process is set to “kworker/0:22” by the prctl command.

Malware 110

Malware Encryption Telecommunications Authentication 110

Security Affairs

FEBRUARY 4, 2019

Attackers exploited the flaw in the SS7 protocol to defeat the 2FA authentication used by Metro Bank to protect its customers. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.”

Banking 106

Banking Telecommunications Authentication Advertising 106

SecureWorld News

OCTOBER 7, 2021

A recent hack discovered by one of the world's largest telecommunications companies has the potential to impact millions of cell phone users worldwide. Several security researchers have expressed concerns over the secondary effects of the breach, including how it could impact 2-factor authentication (2FA).

Data breaches 73

Data breaches Mobile Hacking Authentication 73

SecureWorld News

OCTOBER 6, 2022

Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised.".

Passwords 82

Passwords Telecommunications Government Cybersecurity 82

SecureList

DECEMBER 22, 2022

The threat actors used certificates from Nvidia and Kuwait Telecommunications Company to sign their malware; the former was already leaked, but we’re not sure how they got their hands on the latter. The ransomware – use of Kuwait Telecommunications Company signing certificate. 96eabcc77a6734ea8587599685fbf1b4.

Ransomware 100

Ransomware Telecommunications Malware Encryption 100

Krebs on Security

JUNE 28, 2018

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. Postal Service or the Social Security Administration.

Banking 187

Banking Accountability Mobile Media 187

Security Boulevard

MARCH 15, 2022

It was the Expresso Twitter account that the hackers used to bait the organization to demonstrate their control over the company's IT infrastructure. Other targets include Brazil’s Ministry of Health (MoH) and Brazilian telecommunications operator Claro. Impresa owns the country's largest TV channel and newspaper, SIC and Expresso.

Ransomware 126

Ransomware Telecommunications Firmware Media 126

Security Boulevard

JUNE 26, 2023

Weak access and permissions, therefore, may cause data breaches through: Inadequate authentication – weak verifications can result in data breaches by unauthorized employees in the organization. A lack of security features to upgrade or downgrade a user may result in mismanagement of user accounts.

Data breaches 52

Data breaches Healthcare Telecommunications Financial Services 52

Malwarebytes

JUNE 19, 2023

Instead of Wi-Fi, they use other technologies called Digital Enhanced Cordless Telecommunications (DECT) and Frequency Hopping Spread Spectrum (FHSS). Use multi-factor authentication (MFA) : Pick a baby monitor that allows you to use multi-factor (or 2-factor) authentication.

Passwords 84

Passwords IoT Internet Internet 84

Security Affairs

NOVEMBER 3, 2020

The UNC1945 group carried out attacks aimed at telecommunications companies and leveraged third-party networks to target specific financial and professional consulting industries. ” The threat actor established a foothold on a Solaris 9 server by using the Solaris Pluggable Authentication Module SLAPSTICK backdoor.

Authentication 106

Authentication Telecommunications Advertising Internet 106

Troy Hunt

MARCH 27, 2018

She was pretty shocked when I showed her this as it was precisely the same verbal password as she used to authenticate to her bank. Here's the bigger issue that concerns me in both the Telstra and Optus cases: the security of our telecommunication accounts is increasingly paramount these days.

Passwords 154

Passwords Banking Mobile Telecommunications 154

Security Affairs

FEBRUARY 4, 2019

Attackers exploited the flaw in the SS7 protocol to defeat the 2FA authentication used by Metro Bank to protect its customers. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.”

Banking 49

Banking Telecommunications Authentication Advertising 49

Security Boulevard

FEBRUARY 14, 2022

ForgeRock's enterprise CIAM solution also offers a user-friendly privacy and consent dashboard that enables your customers to manage their data privacy settings, along with the ability to safely share their data with third-parties, such as family members, physicians, accountants, and so on. million customers for more than 60 applications.

Passwords 97

Passwords Retail Digital transformation Risk 97

McAfee

DECEMBER 23, 2019

From healthcare and insurance to manufacturing and telecommunications, cybercriminals spared no industry from their schemes, with a few key verticals bearing the brunt of this year’s attacks. Lack of Appropriate Authentication/Credentials for Sensitive Data. When reflecting on 2019, it’s clear why that is.

Healthcare 54

Healthcare Insurance Artificial Intelligence Authentication 54

CyberSecurity Insiders

JUNE 22, 2021

Yet, there are some key concerns that telecommunication providers need to be aware of if they are going to successfully implement this next generation of connectivity, as well as inspire trust in customers. Estimations from the GSMA predict that by 2025, 5G will account for 21% of total mobile connections , with around 1.8

IoT 101

IoT Mobile Risk Telecommunications 101

Krebs on Security

MAY 2, 2023

Constella reports that for roughly a year between 2021 and 2022, a Microsoft Windows device regularly used by Mr. Mirza and his colleagues was actively uploading all of the device’s usernames, passwords and authentication cookies to cybercriminals based in Russia. The score is only one of many criteria taken into account for employment.

Marketing 252

Marketing Advertising Scams Telecommunications 252

SecureWorld News

NOVEMBER 22, 2021

Additionally, adding a banner or warning to external emails can make it easier to detect spoofed phishing attempts and enabling Domain-based Message Authentication, Reporting & Conformance (DMARC) can help block some attempts. In the Account Compromise and Data Theft variants, containment should follow existing CIRP procedures.

Scams 75

Scams Cybercrime Accountability Banking 75

SecureWorld News

MAY 25, 2023

The threat actor attempts to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials," the announcement said. Here is a CNBC report on the warning from Microsoft.

Firewall 77

Firewall Cyber threats Telecommunications Internet 77