Security Affairs

MARCH 4, 2024

LightBasin targeted and compromised mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications 131

Telecommunications Firewall Mobile Malware 131

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance 143

Surveillance Authentication Telecommunications Manufacturing 143

Security Affairs

JANUARY 31, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, x) and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2) reads the advisory published by Ivanti.

VPN 93

VPN Malware Authentication Small Business 93

Security Affairs

JANUARY 16, 2024

Last week, software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x,

VPN 85

VPN Authentication Small Business Telecommunications 85

Security Affairs

AUGUST 31, 2021

. “This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability.” “The specific flaw exists within the authentication of requests to web services within the ecp web application.

Authentication 82

Authentication Telecommunications Accountability Information Security 82

Security Affairs

FEBRUARY 3, 2021

Italy also joins the security bug research, with the Red Team Research laboratory of TIM, an important Italian telecommunications company. The first one, Improper Restriction of Excessive Authentication Attempts (CWE-307), identified as CVE-2020-35590 , has a CVSS3 score of 9.8. The other one is an unauthenticated reflected XSS.

Telecommunications 98

Telecommunications Cyber Attacks Authentication Hacking 98

Security Affairs

AUGUST 25, 2022

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. “Like domain controllers, AD FS servers can authenticate users and should therefore be treated with the same high level of security.

Malware 121

Malware Authentication Telecommunications Government 121

Security Affairs

FEBRUARY 21, 2020

VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws. “ vRealize Operations for Horizon Adapter contains multiple security vulnerabilities.” Trinh did not share technical details about the vulnerabilities.

Authentication 115

Authentication Telecommunications Advertising Hacking 115

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. About the essayist: Don Boian is the Chief Information Security Officer at Hound Labs, Inc.,

Cybersecurity 214

Cybersecurity Cybercrime Education Government 214

Security Affairs

DECEMBER 14, 2022

While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.

Surveillance 131

Surveillance Manufacturing Passwords Internet 131

Security Affairs

MAY 6, 2020

The dump was discovered by a Dubai-based cybersecurity firm Rewterz ( @rewterz ) that confirmed its authenticity and the Pakistan Telecommunication Authority (PTA) is investigating the matter. Last month, a hacker offered for sale a dump containing 115 Million Pakistani mobile user records for over $2 million worth of bitcoin.

Mobile 95

Mobile Telecommunications Data breaches Advertising 95

Security Affairs

FEBRUARY 10, 2022

Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts. Do not store passwords, usernames, or other information for easy login on mobile device applications. Be aware of any changes in SMS-based connectivity.

Mobile 93

Mobile Cryptocurrency Authentication Accountability 93

Security Affairs

DECEMBER 7, 2023

The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Government 111

Government Telecommunications Accountability Phishing 111

Security Affairs

MARCH 22, 2022

This data leak could have a serious impact on the company if it will be confirmed the authenticity of the leaked files. The documents are for internal use and contain a lot of sensitive information that could be used by a threat actor to carry out additional attacks.

Cybercrime 93

Cybercrime Telecommunications VPN Hacking 93

SC Magazine

MAY 18, 2021

“What zero trust is helping us [to do] is manage the new environment, the new ecosystem we have to support now,” said Mauricio Guerra, Dow Jones Chemical’s director of global information security in keynote at the RSA Conference May 18. Click here for more coverage of the 2021 RSA Conference.

IoT 70

IoT Telecommunications Manufacturing Firewall 70

Security Affairs

SEPTEMBER 19, 2023

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications.

Malware 104

Malware Encryption Telecommunications Authentication 104

Security Affairs

FEBRUARY 12, 2021

The vulnerability allows unrestricted remote code execution with root privileges, without requiring any authentication. TIM is one of the main Italian telecommunications companies, it is one of the few Italian industrial companies that has devoted such an important effort to the search for undocumented vulnerabilities.

Telecommunications 95

Telecommunications Big data Authentication Government 95

Security Affairs

NOVEMBER 3, 2020

The UNC1945 group carried out attacks aimed at telecommunications companies and leveraged third-party networks to target specific financial and professional consulting industries. ” The threat actor established a foothold on a Solaris 9 server by using the Solaris Pluggable Authentication Module SLAPSTICK backdoor.

Authentication 100

Authentication Telecommunications Advertising Internet 100

Security Affairs

JUNE 25, 2020

Just after the WorldNet Telecommunications, the LG electronics fall as a victim of the Maze ransomware operators.” . “As part of our regular darkweb monitoring, our researchers came across the data leak of LG Electronics been published by the Maze ransomware operators. ” reads the post published by Cyble.

Computers and Electronics 102

Computers and Electronics Ransomware Mobile Telecommunications 102

Security Affairs

OCTOBER 13, 2021

The experts analyzed the case of a campaign targeting the customers of the telecommunication giant Verizon, attackers used a square root symbol, a logical NOR operator, or the checkmark symbol itself. The trick adopted by the crooks aims at creating a sort of optical interference that could allow bypassing anti-spam solutions.

Phishing 91

Phishing Telecommunications Accountability Marketing 91

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile 98

Mobile VPN Social Engineering Telecommunications 98

Security Affairs

NOVEMBER 21, 2019

The group is very sophisticated and used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, and education, aerospace. The targets were all located in the Middle East, Europe, Asia, and Africa.

Malware 104

Malware Telecommunications Advertising Encryption 104

The Security Ledger

MARCH 13, 2019

. » Related Stories Podcast Episode 129: Repair Eye on the CES Guy and Sensor Insecurity EU calls for End to Default Passwords on Internet of Things Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise. Forget about Congress’s latest attempt to regulate IoT security.

IoT 40

IoT Cybersecurity Internet Internet 40

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

CISO 255

CISO Encryption Telecommunications Financial Services 255

eSecurity Planet

OCTOBER 26, 2021

Also read: How to Defend Common IT Security Vulnerabilities. The National Telecommunication and Information Administration (NTIA) admits the currently proposed baseline component attributes are purposely basic, with room for continued development and specific twists depending on the industry. What’s in a SBOM File?

Software 135

Software Risk Healthcare Cybersecurity 135

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. Both malware authenticates themselves to Cryshell through a port-knocking and handshake procedure. ” reads the analysis published by the researchers.

Telecommunications 130

Telecommunications Authentication Malware Internet 130

Security Boulevard

MARCH 24, 2022

2 ] The threat actor leveraged a set of misconfigured Multi-Factor Authentication (MFA) accounts that enabled it to enroll a new device for MFA and to access the victim network. The German Federal Office for Information Security (BSI) issued a warning about the use of Kaspersky products. [ link] (accessed Mar.

Ransomware 59

Ransomware Malware Government Antivirus 59

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. In some campaigns analyzed by Mandiant, the threat actor was using residential IP address ranges to authenticate to target environments.

Malware 107

Malware VPN Telecommunications Accountability 107

Security Affairs

MARCH 23, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Data stolen from the targeted organization were also used for future extortion or public release.

Accountability 101

Accountability VPN Social Engineering Hacking 101

Security Affairs

FEBRUARY 13, 2021

In figure 2 below, ACSIA alerts us that a system/application user has accessed the development platform using ssh key-pair as authentication method (as opposed to password). Remediation options provided by ACSIA are available by clicking the appropriate action to Kill the connection, Ban the IP address etc….

Cybersecurity 97

Cybersecurity Accountability Marketing Software 97

Security Affairs

MAY 5, 2024

The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. The Russia-linked APT also targeted NATO entities and Ukrainian government agencies.

Government 111

Government Accountability Cyber Attacks Telecommunications 111

Security Affairs

OCTOBER 22, 2023

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw Multiple APT groups exploited WinRAR flaw CVE-2023-38831 Californian IT company DNA Micro leaks private mobile phone data Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August A flaw in Synology DiskStation Manager allows admin account (..)

Ransomware 109

Ransomware Telecommunications Data breaches Mobile 109