Information Security, Passwords and Telecommunications

European Telecommunications Standards Institute (ETSI) suffered a data breach

Security Affairs

OCTOBER 2, 2023

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute ( ETSI ).

Telecommunications

Telecommunications Data breaches Technology Cybersecurity

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. Pierluigi Paganini.

Telecommunications

Telecommunications Malware Media Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The telco notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. 

Data breaches

Data breaches Telecommunications Banking Mobile

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Therefore, educating your employees about the importance of security to your network is critical.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

JANUARY 30, 2024

Based on the collected feedback, cybersecurity experts were able to build the following statistics: 45% were not aware about the identified compromised credentials and acknowledged successful password change and enabled 2FA; 16% were already aware about the identified compromised credentials as a result of infection by malicious code and made necessary (..)

Engineering

Engineering Passwords Telecommunications Accountability

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

.” T-Mobile said that threat actors did not access names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs. T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information).

Data breaches

Data breaches Mobile Telecommunications Wireless

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Security Affairs

JULY 10, 2021

Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States.

Mobile

Mobile Data breaches Telecommunications Passwords

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media

Media Accountability Telecommunications Government

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance

Surveillance Manufacturing Passwords Internet

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” reads a message posted to both site’s by the SFO’s Airport Information Technology and Telecommunications (ITT) director. In response to the incident, the SFO Airport reset all email and network passwords.

Data breaches

Data breaches Hacking Telecommunications Passwords

AT&T is notifying millions of customers of data breach after a third-party vendor hack

Security Affairs

MARCH 10, 2023

AT&T is warning some of its customers that some of their information was exposed after the hack of a third-party vendor’s system. AT&T is notifying millions of customers that some of their information was exposed after a third-party vendor was hacked. ” Exposed data don’t include financial information (i.e.

Data breaches

Data breaches Hacking Wireless Telecommunications

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Telecommunications Data breaches Identity Theft

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The experts noticed that the infection chain was distinct, with 99% of infections originating in Turkey, primarily from two major telecommunications providers. The malware passively monitors network packets for “credential markers,” including usernames, passwords, and authentication tokens.

Malware

Malware DNS Authentication Telecommunications

T-Mobile data breach has impacted 48.6 million customers

Security Affairs

AUGUST 18, 2021

million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. . “Our preliminary analysis is that approximately 7.8

Data breaches

Data breaches Mobile Telecommunications Wireless

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

Hackers have stolen O2 customers’ data from a database run by Aerial Direct , one of the largest UK partners of the telecommunications services provider. “We recently became aware that some of our customers’ personal information stored on one of our databases has been accessed without permission. Pierluigi Paganini.

Data breaches

Data breaches Telecommunications Passwords Advertising

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Security Affairs

OCTOBER 19, 2021

Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. Sectors targeted include telecommunications, government, and information technology (IT). At this time, the APT group is mostly targeting organizations in Afghanistan.

Telecommunications

Telecommunications Government Malware Encryption

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

The channel’s security must be impenetrable. They generally get into your system by guessing the password, leveraging API loopholes, or exploiting bad codes. For a channel to be secure, it should be reliable and trustworthy. The Best Ways to Secure Communication Channels . You can share passwords and secret notes.

VPN

VPN Passwords Encryption Mobile

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

The Emotet campaign uses malicious emails that attempt to trick recipients into opening the zipped archive with the password included in the message. Emails accessed in this way require user action: open the file, unzip it with a password. Emails accessed in this way require user action: open the file, unzip it with a password.

Passwords

Passwords Malware Telecommunications Banking

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information. Use a variation of unique passwords to access online accounts.

Mobile

Mobile Cryptocurrency Authentication Accountability

21 Million stolen credentials from Fortune 500 companies available on the dark web

Security Affairs

OCTOBER 31, 2019

. “As many as 95% of the credentials contained unencrypted, or bruteforced and cracked by the attackers, plaintext passwords.” ” The following table shows stolen credentials per industry: Most of the login credentials (95%) include plaintext passwords, 76% of them were compromised during the last 12 months.

Passwords

Passwords Telecommunications Advertising Retail

Ubisoft suffered a cyber security incident that caused a temporary disruption

Security Affairs

MARCH 12, 2022

. “Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. As a precautionary measure we initiated a company-wide password reset.” Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T.

Data breaches

Data breaches Telecommunications Hacking Cyber Attacks

T-Mobile discloses data breach affecting prepaid wireless customers

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers.

Wireless

Wireless Data breaches Mobile Telecommunications

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers.

Telecommunications

Telecommunications Technology Hacking Malware

Sinclair TV stations downtime allegedly caused by a ransomware attack

Security Affairs

OCTOBER 18, 2021

Sinclair Broadcast Group is a Fortune 500 media company, the group is a publicly-traded American telecommunications conglomerate having annual revenues of $5.9 In July, the company suffered another security incident, in response to the security breach it forced all Sinclair stations to reset their passwords.

Ransomware

Ransomware Media Telecommunications Marketing

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane. Security experts at Dragos Inc. reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Another tool used by the group is kl.

DNS

DNS Passwords Penetration Testing Social Engineering

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” reads a message posted to both site’s by the SFO’s Airport Information Technology and Telecommunications (ITT) director. In response to the incident, the SFO Airport reset all email and network passwords.

Data breaches

Data breaches Passwords Telecommunications Advertising

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

Just after the WorldNet Telecommunications, the LG electronics fall as a victim of the Maze ransomware operators.” . “As part of our regular darkweb monitoring, our researchers came across the data leak of LG Electronics been published by the Maze ransomware operators. ” reads the post published by Cyble.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

“ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials. ” reads a blog post published by Avast. concludes Avast.

DNS

DNS Passwords Advertising Banking

Crooks use math symbols to evade anti-phishing solutions

Security Affairs

OCTOBER 13, 2021

The experts analyzed the case of a campaign targeting the customers of the telecommunication giant Verizon, attackers used a square root symbol, a logical NOR operator, or the checkmark symbol itself. The trick adopted by the crooks aims at creating a sort of optical interference that could allow bypassing anti-spam solutions.

Phishing

Phishing Telecommunications Accountability Marketing

What to do if your company was mentioned on Darknet?

SecureList

DECEMBER 12, 2023

To find out, in 2022 we created a list of 700 companies worldwide from different industries: industrial, telecommunication, financial, retail, and others. In the case of leakage, there is no time to regret your unrealized security controls or not conducted information security training. And what you should do with it?

Data breaches

Data breaches Accountability Telecommunications Malware

What Is Penetration Testing? Complete Guide & Steps

eSecurity Planet

MARCH 7, 2023

For example, some methods meet national security and federal standards, while others are focused on private companies. NIST Developed by NIST, an agency of the United States Department of Commerce, NIST Special Publication 800-115 , Technical Guide to Information Security Testing and Assessment is the most specific from start to finish.

Penetration Testing

Penetration Testing Wireless Passwords Social Engineering

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

The Security Ledger

MARCH 13, 2019

» Related Stories Podcast Episode 129: Repair Eye on the CES Guy and Sensor Insecurity EU calls for End to Default Passwords on Internet of Things Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise. Forget about Congress’s latest attempt to regulate IoT security. Here’s why.

IoT

IoT Cybersecurity Internet Internet

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

CISO

CISO Encryption Telecommunications Financial Services

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Security Boulevard

MARCH 24, 2022

The German Federal Office for Information Security (BSI) issued a warning about the use of Kaspersky products. [ In a post made in a Telegram group - allegedly run by the actor - the adversary recruits employees working at telecommunication, technology, or software companies.

Ransomware

Ransomware Malware Government Antivirus

Operation Soft Cell – Multiple telco firms hacked by nation-state actor

Security Affairs

JUNE 25, 2019

Once compromised the networks of telecommunication companies, attackers can access to mobile phone users’ call data records. “Based on the data available to us, Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers.

Telecommunications

Telecommunications Hacking Mobile Advertising

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Security Affairs

DECEMBER 15, 2021

Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. In the recent campaign against telecommunication, the attackers may have attempted to pivot to other targets by connecting to the Exchange Web Services (EWS) of other organizations.

Telecommunications

Telecommunications Passwords Phishing Hacking

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Cyber threat management , being an advanced discipline, craves analytical attention and a commander’s strategic skills of information security executives to confront and overcome the multi-dimensional cyber threats.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Red TIM Research found two rare flaws in Ericsson OSS-RC component

Security Affairs

OCTOBER 25, 2021

The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the Ericsson OSS-RC. What is the OSS (Operations Support System)? The Operations Support System – Radio and Core (OSS-RC) provides a centralized interface into the radio and core components. CVE-2021-32571.

Telecommunications

Telecommunications Software Passwords Hacking

T-Mobile suffered a new data breach, 37 million accounts have been compromised

Security Affairs

JANUARY 20, 2023

T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts. The telecommunications company discovered the intrusion on January 5, 2023, the attackers obtained data through a single Application Programming Interface (“API”) without authorization.

Data breaches

Data breaches Mobile Accountability Telecommunications

European Telecommunications Standards Institute (ETSI) suffered a data breach

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Webinars

Trending Sources

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Webinars

NCSC: New UK law bans default passwords on smart devices

China-linked LightBasin group accessed calling records from telcos worldwide

230K individuals impacted by a data breach suffered by Telco provider Tangerine

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Hundreds of network operators’ credentials found circulating in Dark Web

China-linked threat actors have breached telcos and network service providers

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

3.5m IP cameras exposed, with US in the lead

SFO discloses data breach following the hack of 2 of its websites

AT&T is notifying millions of customers of data breach after a third-party vendor hack

T-Mobile customers were hit with SIM swapping attacks

Cuttlefish malware targets enterprise-grade SOHO routers

T-Mobile data breach has impacted 48.6 million customers

Aerial Direct, the O2’s largest UK partner suffered a data breach

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

The Best Ways to Secure Communication Channels in The Enterprise Environment

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

21 Million stolen credentials from Fortune 500 companies available on the dark web

Ubisoft suffered a cyber security incident that caused a temporary disruption

T-Mobile discloses data breach affecting prepaid wireless customers

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Sinclair TV stations downtime allegedly caused by a ransomware attack

Lyceum APT made the headlines with attacks in Middle East

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Maze ransomware operators claim to have breached LG Electronics

For nearly a year, Brazilian users have been targeted with router attacks

Crooks use math symbols to evade anti-phishing solutions

What to do if your company was mentioned on Darknet?

What Is Penetration Testing? Complete Guide & Steps

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

Why CISA is Warning CISOs About a Breach at Sisense

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Operation Soft Cell – Multiple telco firms hacked by nation-state actor

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Cyber Security Awareness and Risk Management

Red TIM Research found two rare flaws in Ericsson OSS-RC component

T-Mobile suffered a new data breach, 37 million accounts have been compromised

Stay Connected