
T-Mobile System Intrusion Tied to Chinese Cyber Threat

 


T-Mobile Corporation has confirmed that it has been a victim of cyber-espionage campaigns launched against telecom companies for a long time. T-Mobile is the latest telecommunications company to report being affected by a large-scale cyber-espionage campaign waged by state-sponsored hackers in China. 

There has been some confusion as to whether the breach involves customer data or critical systems. However, T-Mobile has maintained that there has been no significant impact on its customers' data and critical systems. This breach is part of a larger attack on major telecom providers, raising questions regarding the security of critical communications infrastructure around the world. 

It has been reported that the FBI and CISA are pursuing investigations into a massive cyber-espionage campaign perpetrated by Chinese-linked threat actors that targeted U.S. telecommunications, stealing call records and accessing private communications of government officials and political figures by compromising networks. 

U.S. intelligence agencies confirmed that Chinese threat actors had penetrated the private communications of a "limited number" of government officials after several U.S. broadband providers had been compromised.

A cyber spy stole personal information belonging to the targeted individuals, according to court orders, which were subject to a search warrant by the United States government to gather that information. According to ESET's APT Activity Report for the period between April and September 2024, this attack was conducted by an intrusion team that used the World Expo, scheduled to take place in Osaka, Japan in 2025, as a lure.

Despite this new geographical target, MirrorFace continues to focus on Japan and events related to it. MirrorFace, as well as Earth Kasha, is one of the clusters categorized under an umbrella group called APT10, which also includes clusters tracked as Earth Tengshe and Bronze Starlight.

The group has been targeting Japanese organizations since at least 2018, and its operations expanded to include Taiwan and India in a new campaign observed in early 2023, although it remains focused on Japan. Over its history, the hacking crew's tooling has evolved from a few backdoor programs, namely ANEL (a.k.a. Uppercut), LODEINFO, and NOOPDOOR (also known as HiddenFace), to an arsenal that now consists of backdoors and credential stealers, such as MirrorStealer and ANEL.

That said, T-Mobile's cybersecurity practices have recently drawn heavy criticism because the company has experienced many data breaches in recent years. In the company's $31.5 million settlement with the FCC over previous breaches, half of the amount was designated for improving its security infrastructure. Repeated data breaches at T-Mobile, which is owned by Deutsche Telekom Corporation, have been one of the most challenging aspects of the company's recent history.

According to the company, 49 million T-Mobile account holders were affected by the data breach in August 2021, but the hackers claimed that they had stolen data from 100 million users on the network. T-Mobile says it is actively monitoring the situation and working closely with government officials to investigate the breach and prevent any further issues. Currently, there is no evidence that the privacy, security, or functionality of its customers has been harmed, and the firm maintains that no harm has been caused.

The company is paying close attention to this industry-wide attack that is affecting the entire industry. Quite to the contrary, due to the security controls in our network structure, and the diligent monitoring and response of our systems, T-Mobile has not witnessed any significant impact on its data or systems. As far as we are aware, no evidence has been found that the company's customer or other sensitive information has been accessed or exfiltrated as other companies may have done. 

The situation will be closely monitored by industry peers as well as the relevant authorities, and we will work with them to resolve it. A recent incident at T-Mobile has come at a time when the company is expanding its cyber-security practices to combat these threats. In February of this year, the company settled a $31.5 million lawsuit with the Federal Communications Commission, more than half of which was devoted to improving security infrastructure as a result of its prior breaches.

The T-Mobile Security breach is a prime example of the unique challenges that face the telecommunications sector, which is classified as critical infrastructure under federal law because of its importance to the nation. As an upstream provider of information and communications, telecommunications companies play a vital role in healthcare, government, and the private sector, allowing everything from emergency services to business transactions to personal connectivity to take place. 

Therefore, these networks are prime targets for state-sponsored cyber campaigns that seek to exploit their role in facilitating sensitive communications. There has been a disturbing shift in how cyber-espionage tactics have been used over the past few years. Attackers like Salt Typhoon take advantage of wiretap systems and sensitive communication channels to steal data and compromise the integrity of systems and networks vital to national security efforts.

In a new analysis published on November 19, 2024, Trend Micro found that the MirrorFace actor was exploiting vulnerabilities in the public-facing enterprise products Array AG (CVE-2023-45727), Proself (CVE-2023-45727) and FortiOS/FortiProxy (CVE-2023-45727) for initial access. After gaining access, they installed several backdoors within the victim's network to achieve persistence, said security researcher Hara Hiroaki. Among these are Cobalt Strike and LODEINFO, as well as NOOPDOOR, which was discovered last year.

NOOPDOOR, a sophisticated and complex implant, is decrypted and launched by a shellcode loader named NOOPLDR. It includes built-in functions, in addition to modules that enable the uploading and downloading of files, the running of additional programs, and communication with an attacker-controlled server either actively or passively. Hiroaki noted that the active and passive modes mostly use different encryption algorithms and backdoor commands, which means that the two channels are completely independent of one another.

Cyber Resilience: Preparing for the Inevitable in a New Era of Cybersecurity

 

At the TED Conference in Vancouver this year, the Radical Innovators foundation brought together over 60 of the world’s leading CHROs, CIOs, and founders to discuss how emerging technologies like AI and quantum computing can enhance our lives. Despite the positive focus, the forum also addressed a more concerning topic: how these same technologies could amplify cybersecurity threats. Jeff Simon, CISO of T-Mobile, led a session on the future of security, engaging tech executives on the growing risks. 

The urgency of this discussion was underscored by alarming data from Proofpoint, which showed that 94% of cloud customers faced cyberattacks monthly in 2023, with 62% suffering breaches. This illustrates the increased risk posed by emerging technologies in the wrong hands. The sentiment from attendees was clear: successful cyberattacks are now inevitable, and the traditional focus on preventing breaches is no longer sufficient. Ajay Waghray, CIO of PG&E Corporation, emphasized a shift in mindset, suggesting that organizations must operate under the assumption that their systems are already compromised. 

He proposed a new approach centered around “cyber resilience,” which goes beyond stopping breaches to maintaining business continuity and strengthening organizational resilience during and after attacks. The concept of cyber resilience aligns with lessons learned during the pandemic, where resilience was about not just recovery, but coming back stronger. Bipul Sinha, CEO of Rubrik, a leading cyber resilience firm, believes organizations must know where sensitive data resides and evolve security policies to stay ahead of future threats. He argues that preparedness, including preemptive planning and strategic evolution after an attack, is crucial for continued business operations. 

Venture capital firms like Lightspeed Venture Partners are also recognizing this shift towards cyber resilience. Co-founder Ravi Mhatre highlights the firm’s investments in companies like Rubrik, Wiz, and Arctic Wolf, which focus on advanced threat mitigation and containment. Mhatre believes that cybersecurity now requires a more dynamic approach, moving beyond the idea of a strong perimeter to embrace evolutionary thinking. Waghray identifies four core elements of a cyber resilience strategy: planning, practice, proactive detection, and partnerships. 

These components serve as essential starting points for companies looking to adopt a cyber resilience posture, ensuring they are prepared to adapt, respond, and recover from the inevitable cyber threats of the future.

T-Mobile Customers Alarmed by Unfamiliar Support Links, But They Are Legitimate

 

T-Mobile customers have recently raised concerns after receiving unusual-looking links from the company’s support channels, leading to fears of potential phishing scams. However, investigations have confirmed that these links are legitimate, though their appearance and unfamiliar origin have caused some confusion. The Mobile Report has revealed that T-Mobile’s support teams, including T-Force, the social media support team, are now utilizing a third-party service called Khoros to manage secure forms for customers. This change has led to the use of links with unfamiliar domain names, which naturally appear suspicious to users. 

For instance, one customer was directed to a “Handset Upgrade Form” through a link that, at first glance, seemed questionable. T-Mobile employees have assured The Mobile Report that these links are indeed authentic and part of a new procedure aimed at handling sensitive customer information more securely. In the past, T-Mobile hosted similar forms directly on its own servers using a T-Mobile domain, which customers were familiar with. The shift to an external platform, particularly one that customers do not recognize, has understandably caused some concern and confusion among users. 

Adding to the unease is the fact that Khoros, the company now hosting these forms, describes itself as a platform that uses AI and automation to analyze large amounts of data. While this approach is standard for many data-driven companies, it raises questions about the potential risks involved in sharing sensitive information with third-party services, especially when customers are not fully informed about the transition. Despite the legitimacy of these links in this instance, it is always wise for customers to exercise caution when dealing with unfamiliar links, even if they appear to originate from a trusted source. Phishing scams often rely on the use of seemingly legitimate links to deceive users into disclosing sensitive information. 

As a precaution, customers are advised to contact T-Mobile directly through official channels to verify the authenticity of any communication they receive, particularly when it involves providing personal or financial information. While T-Mobile’s new process using Khoros is legitimate, the lack of clear communication regarding the change has led to understandable concerns among customers. As always, caution and verification remain key to ensuring online safety, particularly when dealing with unexpected or unfamiliar links.

User Privacy Threats Around T-Mobile's 'Profiling and Automated Decisions'

In today's digital age, it is no secret that our phones are constantly tracking our whereabouts. GPS satellites and cell towers work together to pinpoint our locations, while apps on our devices frequently ping the cell network for updates on where we are. While this might sound invasive (and sometimes it is), we often accept it as the norm for the sake of convenience—after all, it is how our maps give us accurate directions and how some apps offer personalized recommendations based on our location. 

T-Mobile, one of the big cellphone companies, recently started something new called "profiling and automated decisions." Basically, this means they are tracking your phone activity in a more detailed way. It was noticed by people on Reddit and reported by The Mobile Report. 

T-Mobile says they are not using this info right now, but they might in the future. They say it could affect important stuff related to you, like legal decisions. 

So, what does this mean for you? 

Your phone activity is being tracked more closely, even if you did not know it. And while T-Mobile is not doing anything with that info yet, it could affect you in the future. However, like other providers, T-Mobile offers a range of privacy options, so it is important to learn what they are.

Let's Understand T-Mobile's Privacy Options 


T-Mobile offers various privacy options through its Privacy Center, accessible via your T-Mobile account. Here is a breakdown of what you can find there: 

  • Data Sharing for Public and Scientific Research: Opting in allows T-Mobile to utilize your data for research endeavours, such as aiding pandemic responses. Your information is anonymized to protect your privacy, encompassing location, demographic, and usage data. 
  • Analytics and Reporting: T-Mobile gathers data from your device, including app usage and demographic details, to generate aggregated reports. These reports do not pinpoint individuals but serve business and marketing purposes. 
  • Advertising Preferences: This feature enables T-Mobile to tailor ads based on your app usage, location, and demographic information. While disabling this won't eliminate ads, it may decrease their relevance to you. 
  • Product Development: T-Mobile may utilize your personal data, such as precise location and app usage, to enhance advertising effectiveness. 
  • Profiling and Automated Decisions: A novel option, this permits T-Mobile to analyze your data to forecast aspects of your life, such as preferences and behaviour. Although not actively utilized currently, it is enabled by default. 
  • "Do Not Sell or Share My Personal Information": Choosing this prevents T-Mobile from selling or sharing your data with external companies. However, some data may still be shared with service providers. 

However, the introduction of the "profiling and automated decisions” tracking feature highlights the ongoing struggle between technological progress and the right to personal privacy. With smartphones becoming essential tools in our everyday routines, the gathering and use of personal information by telecom companies have come under intense examination. The debate over the "profiling and automated decisions" attribute serves as a clear indication of the necessity for strong data privacy laws and the obligation of companies to safeguard user data in our ever-increasingly interconnected society.

Inside Job Exposed: T-Mobile US, Verizon Staff Solicited for SIM Swap Scam

 


T-Mobile and Verizon employees are being texted by criminals who are attempting to entice them with cash into swapping SIM cards. The targeted employees have shared screenshots of the messages, which offer $300 as an incentive to those willing to assist the senders in their criminal endeavours.

The report indicates that this was part of a campaign that targets current and former mobile carrier workers who could be able to access the systems that would be necessary for the swapping of SIM cards. The message was also received by Reddit users claiming to be Verizon employees, which indicates that the scam isn't limited to T-Mobile US alone. 

SIM swapping is essentially a social engineering scam in which the perpetrator convinces the carrier to transfer a victim's number to a new SIM card owned by the perpetrator.

With control of the victim's cell phone number, the scammer can receive multi-factor authentication text messages and use them to break into other accounts. If the scammer gains complete access to the private information of the victim, the scam is extremely lucrative.

SIM swapping, also known as simjacking, is a method cybercriminals use to breach accounts protected by multi-factor authentication (MFA). Once a wireless carrier ports the victim's SIM card information from the legitimate SIM card to one controlled by a threat actor, messages intended for the victim are delivered to the threat actor, who can then take control of the victim's accounts.

Cyber gangs are often able to trick carrier support staff into performing swaps by presenting fake information to them, but it can be far more efficient to hire an insider to take care of it. Both T-Mobile and Verizon have been impacted by breaches of employee information in the past, T-Mobile in 2020 and Verizon last year, although it is unclear how the hackers obtained the mobile numbers of the workers who received the texts.

In 2010, a Verizon employee accessed, without authorization, a file containing details for about half of Verizon's 117,00-strong workforce. The company stated at the time that there was no evidence that the information had been misused or shared outside the organization as a result of the unauthorized access to the file.

Judging by the number of former T-Mobile employees who commented on Reddit that they received the SIM swap message, the hackers behind the campaign appear to have been working with outdated information rather than recent data stolen from T-Mobile. The company reinforced this in a statement confirming that there had not been any system breaches at T-Mobile.

In SIM swap attacks, criminals trick a victim's wireless carrier into rerouting the victim's wireless service to a device controlled by the fraudster. A successful attack can result in unauthorized access to personal information, identity theft, financial losses, and emotional distress for the victim. Criminals started hijacking victims' phone numbers in February 2022 to steal millions of dollars by performing SIM swap attacks.

The FBI warned about this in February 2022. Additionally, the IC3 reported that Americans reported 1,075 SIM-swapping complaints during the year 2023, with an adjusted loss of $48,798,103 for each SIM-swapping complaint. In addition to 2,026 complaints about SIM-swapping attacks in the past year, the FBI also received $72,652,571 worth of complaints about SIM-swapping attacks from January 2018 to December 2020. 

Between January 2018 and December 2020, however, only 320 complaints were filed regarding SIM-swapping incidents resulting in losses of around $12 million. Following this huge wave of consumer complaints, the Federal Communications Commission (FCC) announced new regulations to protect Americans from this sort of attack in the future.

The new regulations require carriers to have a secure authentication procedure in place before they transfer a customer's phone number to a different device or service provider. Additionally, carriers need to warn customers if their accounts are changed or if they receive a SIM port-out request.

Cell Service Restored Following Extensive AT&T Outage

 

AT&T has resolved issues affecting its mobile phone customers following widespread outages on Thursday, according to a company announcement. Throughout the day, tens of thousands of cell phone users across the United States reported disruptions.

Reports on Downdetector.com, a platform monitoring outages, indicated instances of no service or signal after 04:00 EST (09:00 GMT).

AT&T issued an apology to its customers and confirmed that services were fully operational again by early afternoon. The company stated its commitment to taking preventive measures to avoid similar incidents in the future. The cause of the outage is currently being investigated.

Verizon and T-Mobile informed the BBC that their networks were functioning normally. However, they acknowledged that some customers may have experienced service issues while attempting to communicate with users on different networks.

According to Downdetector, AT&T received over 74,000 customer complaints, with significant clusters in southern and eastern regions of the country.

Smaller carriers like Cricket Wireless, UScellular, and Consumer Cellular also reported interruptions in service. Complaints ranged from difficulties with calls, texts, to internet access, with many users reporting no service or signal.

Downdetector's data showed that major cities including Los Angeles, Chicago, Houston, and Atlanta experienced high numbers of outages.

Some individuals also faced challenges with 911 services, prompting officials to advise the use of landlines, social media, or cell phones from alternative carriers in emergencies.

The widespread outage has garnered the attention of the US government, with the FBI and Department of Homeland Security launching investigations, as confirmed by John Kirby, spokesperson for the US National Security Council.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that they are collaborating with AT&T to understand the root cause of the outage and are ready to provide assistance as necessary.

Although a confidential memo reported by ABC News suggested no signs of malicious activity, CISA officials are actively investigating the incident.

T-Mobile App Glitch Exposes Users to Data Breach

A recent T-Mobile app bug has exposed consumers to a severe data breach, which is a disturbing revelation. This security hole gave users access to sensitive information like credit card numbers and addresses as well as personal account information for other users. Concerns regarding the company's dedication to protecting user data have been raised in light of the event.

The problem reportedly appeared on September 20, 2023. Unauthorized people were able to examine a variety of individual T-Mobile customers' data. Along with names and contact information, this also included extremely private information like credit card numbers, putting consumers at risk of financial loss.

T-Mobile was quick to respond to the incident. A company spokesperson stated, "We take the security and privacy of our customers very seriously. As soon as we were made aware of the issue, our technical team worked diligently to address and rectify the glitch." They assured users that immediate steps were taken to mitigate the impact of the breach.

Security experts have highlighted the urgency of the situation. Brian Thompson, a cybersecurity analyst, emphasized, "This incident underscores the critical importance of robust security protocols, particularly for companies handling sensitive user data. It's imperative that organizations like T-Mobile maintain vigilant oversight of their systems to prevent such breaches."

The breach not only puts user information at risk but also raises questions about T-Mobile's data protection measures. Subscribers trust their service providers with a wealth of personal information, and incidents like these can erode that trust.

T-Mobile has advised its users to update their app to the latest version, which contains the necessary patches to fix the glitch. Additionally, they are encouraged to monitor their accounts for any unusual activities and report them promptly.

This incident serves as a stark reminder of the ever-present threat of data breaches in our digital age. It reinforces the need for companies to invest in robust cybersecurity measures and for users to remain vigilant about their personal information. In an era where data is more valuable than ever, safeguarding it should be of paramount importance for all.

Customers' Accounts Were Exposed in the Verizon breach

 


There has been a lot of talk lately about telecom companies and consumer data breaches. In the past few years, T-Mobile has been the name most likely to appear in the headlines. The self-titled Un-carrier has been attacked numerous times, with disastrous results each time.

However, Verizon (and its customers) are not the only ones suffering this year - updated information has revealed that millions of Verizon subscribers have been subjected to data breaches, with their personal information being made publicly available. 

A Verizon contractor has apologized after failing to secure a large batch of customer information previously collected by the telecom company. Due to this vulnerability, over 6 million customer accounts have been exposed. Although it is unclear whether Verizon, the country's largest wireless carrier, will notify affected users, many believe it will.

In some cases, customers' PIN codes were exposed as well, along with their names, addresses, phone numbers, and account information. The exposed data, stored in the cloud, included logs containing information about customer service calls.

As part of its commitment to security and privacy, Verizon is committed to protecting the personal information of its customers. 

A researcher with the cyber risk team at security vendor UpGuard, Chris Vickery, discovered that the data was exposed through a breach at the location. 

In a recent blog post, Dan O'Sullivan, a cyber resilience analyst at UpGuard, wrote that the data was contained in an unsecured Simple Storage Service (S3) bucket. This repository is controlled by NICE Systems, an Israeli company that is part of Verizon's partner network.

Verizon has also said in a press statement that their agency supports a wireline self-service call center portal for small businesses and homes, and that certain data is required for the project.

The data exposure was discovered by UpGuard on June 13; Verizon notified the company to lock out the bucket by June 22 as soon as it discovered it. It has been characterized as "troubling" from the perspective of UpGuard, and officials from NICE were unable to comment as of right now. 

UpGuard says 14 million customer records may have been exposed due to the breach. 

In an attempt to prove its point, Verizon denied the figure, saying Wednesday that 6 million accounts had been exposed to the vulnerability. 

The Verizon spokesman did not answer a question as to how Verizon came to this conclusion, although an analysis of access logs could have contributed. In response to a question about notification, Samberg declined to comment. 

Error in Redux Configuration

Vickery has made several data exposure discoveries this year, including the Verizon one. The search engine Shodan is an excellent tool for cataloging staggering breaches: it scans the internet and indexes the internet-connected devices it finds. By plugging specific search terms into Shodan, researchers can discover unsecured internet-connected systems and cloud instances.

The configuration error appears to have been made by NICE and was caused by a rule that was set incorrectly in the S3 bucket, similar to the previous episodes of unintentionally exposed data detected by Vickery. 

The data was then available via the internet, which left it accessible to everyone. The database and its many terabytes of contents could be accessed and downloaded with just the S3 URL, writes UpGuard's O'Sullivan in a post, and the files themselves were also accessible.

Amazon S3 storage buckets do not have public access enabled by default, which is Amazon's policy. As part of Amazon's identity and access management controls, you can also control who has access to buckets and has enough permission to alter or delete data. It is also possible to block buckets based on HTTP referrers and IP addresses to make them off-limits to certain users. 

It seems unlikely that anyone at NICE would have disabled those security defaults, but it's possible. 
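The controls described above (no public access by default, IAM principals, referrer and IP restrictions) all appear in a bucket's policy document. As an added example, not code from UpGuard, NICE or Verizon, the following Python check flags policy statements that leave a bucket open to anyone; the bucket name, Sids, account ID and addresses are constructed sample values.

```python
import json

# Condition keys that genuinely narrow a grant made to Principal "*".
STRONG_KEYS = {"aws:sourceip", "aws:sourcevpc", "aws:sourcevpce", "aws:principalorgid"}
# aws:Referer comes from a client-supplied HTTP header, so it only deters
# casual access; it is reported as "weak" instead of being trusted.
WEAK_KEYS = {"aws:referer"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def as_list(value):
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (alone or in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return False


def restricting_keys(statement):
    """Condition keys that actually limit who can use the statement."""
    keys = set()
    for operator, block in statement.get("Condition", {}).items():
        if "not" in operator.lower():
            continue  # negated operators exclude some callers, not restrict to few
        for key, value in block.items():
            name = key.lower()
            if name == "aws:sourceip" and OPEN_CIDRS & set(as_list(value)):
                continue  # "any address" is not a restriction
            keys.add(name)
    return keys


def audit_bucket_policy(policy_json):
    """Return [(sid, severity)] for Allow statements granted to everyone.

    severity is "public" (no effective restriction) or "weak" (referrer only).
    """
    statements = as_list(json.loads(policy_json).get("Statement", []))
    findings = []
    for index, statement in enumerate(statements):
        sid = statement.get("Sid", f"statement-{index}")
        if statement.get("Effect") != "Allow":
            continue
        if not is_wildcard_principal(statement.get("Principal")):
            continue
        keys = restricting_keys(statement)
        if keys & STRONG_KEYS:
            continue
        findings.append((sid, "weak" if keys & WEAK_KEYS else "public"))
    return findings


# Constructed policy for a hypothetical bucket "example-callcenter-logs".
RESOURCE = "arn:aws:s3:::example-callcenter-logs/*"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": RESOURCE},
        {"Sid": "RefererOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": RESOURCE,
         "Condition": {"StringLike": {"aws:Referer": ["https://portal.example.com/*"]}}},
        {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": RESOURCE,
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "AnyIp", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": RESOURCE,
         "Condition": {"IpAddress": {"aws:SourceIp": ["0.0.0.0/0"]}}},
    ],
})

if __name__ == "__main__":
    for sid, severity in audit_bucket_policy(SAMPLE_POLICY):
        print(f"{sid}: {severity}")
```

A policy check like this covers only one layer: bucket ACLs and the account-level Block Public Access settings also decide whether a bucket is reachable, so they need to be reviewed alongside it.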

Exposure to Orange Data is Suspected

Aside from the information exposed in the S3 bucket, according to O'Sullivan, the information appears to have also been exposed by at least one other organization, Orange, which is also a partner of NICE. 

The data, he writes, appears less sensitive. However, it is noteworthy to see this type of information being included in a Verizon repository, even though it is internal to Orange. On the European market, Verizon's enterprise division competes directly with Orange's enterprise division. 

Data Security is at Risk

In contrast, Verizon has downplayed the idea that data has been exposed. Even though some personal information was included in the data set, the overwhelming majority of the information did not have any outside value. Verizon confirmed in a statement that there were no Social Security numbers or Verizon voice recordings in the cloud storage area.

Yet some security experts are skeptical about whether this leak will cause damage. The PIN was masked in some customer records; however, this only affected a subset of accounts.

UpGuard believes that unmasked PINs could be used to gain access to Verizon account information. The PINs required for these accounts are fundamental to verifying callers as legitimate Verizon customers, which prevents impersonators from accessing and changing Verizon account settings, writes O'Sullivan.

Verizon says users cannot access online accounts using PINs. Samberg, Verizon's Chief Creative Officer, did not respond to a follow-up question from the media about whether having a PIN alone might be enough for an individual to obtain an additional SIM card, but he did suggest that having a PIN might not be sufficient.

The fear is that scammers could impersonate customers and obtain SIM cards in their names.

Having the victim's phone number would give them the capability to use it to their advantage. Fraudsters would then receive messages from the victim including their two-factor authentication codes as part of the fraud scheme. To better block unauthorized access, a one-time passcode is now required for many online services, from banks to cloud storage providers. 

A report released by the U.S. National Institute of Standards and Technology recommends avoiding out-of-band authentication that uses voice calls and SMS messages.

A smartphone app, which you can find on your smartphone, is becoming increasingly popular among businesses - even wireless carriers - to enable users to receive a one-time code via the program. This method of sending one-time codes is generally considered to be a safer approach by security experts than sending them via voice or SMS communication.

T-Mobile Reveals its Security Systems were Hacked via Lapsus$ Hackers

 

T-Mobile acknowledged on Friday that it had been the subject of a security compromise in March, when the LAPSUS$ mercenary group gained access to its networks. The admission came after investigative journalist Brian Krebs published internal chats from LAPSUS$'s key members, revealing that the group had infiltrated the company many times in March, prior to the arrest of its seven members. 

Independent investigative journalist Brian Krebs first exposed the incident after analyzing hacked Telegram chat conversations between Lapsus$ gang members. T-Mobile said in a statement that the breach happened "a few weeks ago" and that the "bad actor" accessed internal networks using stolen credentials. "There was no customer or government information or any similarly sensitive information on the systems accessed, and the company has no evidence of the intruder being able to get anything of value," the company added.

The initial VPN credentials were allegedly obtained from illegal websites such as Russian Market in order to take control of T-Mobile staff accounts, enabling the threat actor to conduct SIM swapping attacks at any time. 

The conversations suggest that LAPSUS$ had hacked T-Mobile's Slack and Bitbucket accounts, enabling the group to obtain over 30,000 source code repositories, in addition to gaining access to an internal customer account management application called Atlas. In the short time since it first appeared on the threat scene, LAPSUS$ has become known for hacking Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, Okta, and Globant. 

T-Mobile has acknowledged six previous data breaches since 2018, including one in which hackers gained access to data linked to 3% of its customers. A year later, in 2019, T-Mobile acknowledged that prepaid customers' data had been exposed, and in March 2020 unknown threat actors gained access to T-Mobile workers' email accounts. Hackers also gained access to customer proprietary network information in December 2020, and attackers accessed an internal T-Mobile application without authorization in February 2021. 

According to a VICE investigation, T-Mobile tried unsuccessfully to prevent the stolen data from being posted online after paying the hackers $270,000 through a third-party firm in the aftermath of the August 2021 breach. After the stolen sensitive information turned up for sale on the dark web, the New York State Office of the Attorney General (NY OAG) warned that victims of T-Mobile's August data breach would face elevated identity theft risks. 

The City of London Police announced earlier this month that two of the seven adolescents arrested last month for alleged connections to the LAPSUS$ data extortion group, a 16-year-old and a 17-year-old, had been charged.

American Telecommunications Firm T-Mobile Confirmed Data Breach and SIM Swapping Attacks

 

After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced a data breach. The company believes that this malicious activity was detected very easily and says it has taken steps to stop it and to discourage it from continuing in the future. 

SIM swap attacks (or SIM hijacking) allow scammers to take control of a target's telephone number by using social engineering or by bribing mobile operator workers to move it to a fraudster-controlled SIM. They then receive the victim's messages and calls, which lets them easily bypass SMS-based multi-factor authentication (MFA), steal user identifiers, and take over the victim's online service accounts. Criminals can then log in to the victims' bank accounts and take money, change the passwords on their accounts, and even lock the victims out of their own accounts. 

In the breach notification sent to affected customers on 9 February 2021, T-Mobile disclosed that an unknown attacker had access to customer account details, including contact information and personal identification numbers. The attackers were able to port numbers, but it is not known whether they were able to access an employee's account by way of the affected users' accounts.

"An unknown actor gained access to certain account information. It appears the actor may then have used this information to port your line to a different carrier without your authorization," T-Mobile said.
 
"T-Mobile identified this activity, terminated the unauthorized access, and implemented measures to protect against reoccurrence."

T-Mobile stated that the information stolen by the hackers may have included client names, emails, e-mail addresses, account numbers, Social Security Numbers (SSN), PINs, account security questions and answers, dates of birth, schedule information, and the number of lines signed up to their accounts.
 
"T-Mobile quickly identified and terminated the unauthorized activity; however, we do recommend that you change your customer account PIN."

Affected T-Mobile customers are encouraged to update their name, PIN, and security questions and answers. Through Transunion's 'myTrueIdentity', T-Mobile is providing two years of free monitoring and identity fraud prevention services. Details on how to log on to these services are included in the data breach notice sent to the compromised customers. Changing the PIN and security questions, since both have been compromised, should be a top priority at this time.