Authentication, Technology and Telecommunications

News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology

The Last Watchdog

MARCH 19, 2025

” Knocknoc orchestrates network infrastructure to remove risk exposure by tying users’ network access to their SSO authentication status. It can also be used on internal networks to add multifactor authentication to legacy systems to satisfy compliance requirements.

Technology

Technology Media Telecommunications Authentication

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Storm-2372s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East.” ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

Lumen Technologies Inc. Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities. Based in Monroe, La., But over the years the various IRRs made it easier to automate this process via email.

Internet

Internet Internet Authentication Telecommunications

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. The state-sponsored actor behind the attack is an Advanced Persistent Threat (APT) group known as Salt Typhoon, believed to be tied to the People’s Republic of China (PRC).

Encryption

Encryption Identity Theft Media Telecommunications

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

The ransomware targets unpatched internet-facing servers, impacting systems across 70+ countries in sectors like critical infrastructure, health care, governments, education, technology, manufacturing, and small- to medium-sized businesses. 3 Whats Behind its Enduring Popularity? What makes CVE-2018-13379 so dangerous is its stickiness.

VPN

VPN Authentication Ransomware Risk

Key benefits of iSIM technology for enabling secure connectivity

CyberSecurity Insiders

OCTOBER 27, 2021

With devices needing SIMs to authenticate them for mobile networks, advances in SIM technology will be critical f or the expansion of the connected world in years to come. . The integrated SIM (iSIM) provides a secure way of authenticating devices with the same security and convenience as the eSIM. ThalesDigiSec ! .

Technology

Technology Manufacturing IoT Mobile

China-linked APT UNC3886 targets EoL Juniper routers

Security Affairs

MARCH 12, 2025

UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia. ” concludes the report published by Mandiant.

Telecommunications

Telecommunications Malware DDOS Technology

The Upcoming UK Telecoms (Security) Act Part One: What, Why, Who, When and How

Cisco Security

OCTOBER 3, 2022

In November 2020, the Telecommunications (Security) Bill was formally introduced to the UK’s House of Commons by the department for Digital, Culture, Media & Sport. What is the Telecommunications (Security) Act? Why has the Telecommunications (Security) Act been introduced?

Telecommunications

Telecommunications Data breaches Risk Government

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries. The phishers will explain that they’re calling from the employer’s IT department to help troubleshoot issues with the company’s virtual private networking (VPN) technology.

Phishing

Phishing VPN Social Engineering Media

Best Facial Recognition Software for Enterprises In 2022

eSecurity Planet

FEBRUARY 11, 2022

The technology isn’t yet perfect, but it has evolved to a point that enterprise use is growing. The application of facial recognition technology in operations was primarily in law enforcement organizations until the last decade, when a massive advance in AI and deep learning allowed it to be more broadly applied.

Software

Software Technology Authentication Artificial Intelligence

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. which supplies ultra-sensitive, portable marijuana breathalyzer technology.

Cybersecurity

Cybersecurity Cybercrime Education Government

5G Security

Schneier on Security

JANUARY 14, 2020

To be sure, there are significant security improvements in 5G over 4Gin encryption, authentication, integrity protection, privacy, and network availability. The technology will quickly become critical national infrastructure, and security problems will become life-threatening. But the enhancements aren't enough.

Data collection

Data collection Software Marketing Government

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

With an intuitive, unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and to change them as technologies and threats evolve – without rewriting code. Air Force, the Defense Information Systems Agency (DISA), the U.S.

Encryption

Encryption Telecommunications Government Technology

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware

Spyware Firewall Artificial Intelligence Malware

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.

Surveillance

Surveillance Manufacturing Internet Internet

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. “Like domain controllers, AD FS servers can authenticate users and should therefore be treated with the same high level of security.

Malware

Malware Authentication Telecommunications Government

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security

Thales Cloud Protection & Licensing

DECEMBER 21, 2022

Thales collaborates with Hewlett Packard Enterprise (HPE) to provide enhanced privacy and secure authentication for global 5G users, further extending its partner ecosystem. The multi-vendor landscape, complex infrastructure and distributed nature of 5G networks has historically made subscriber authentication and privacy a challenge.

Architecture

Architecture Authentication Telecommunications IoT

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, An authenticated administrator can exploit the issue by sending specially crafted requests and execute arbitrary commands on the appliance. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Authentication Small Business Telecommunications

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, An authenticated administrator can exploit the issue by sending specially crafted requests and execute arbitrary commands on the appliance. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Malware Authentication Small Business

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. In some campaigns analyzed by Mandiant, the threat actor was using residential IP address ranges to authenticate to target environments.

Malware

Malware VPN Accountability Telecommunications

Cybersecurity Risks of 5G – And How to Control Them

eSecurity Planet

SEPTEMBER 1, 2021

5G technology will improve some IoT use cases, thereby adding to the proliferation of IoT devices – a phenomena individuals and organizations aren’t prepared to fully defend in the immediate future. Untrusted proprietary technologies that fail to meet these standards pose lingering threats to their clients and inefficiencies.

Risk

Risk Cybersecurity IoT Wireless

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

AUGUST 20, 2019

Related: Most companies ignorant about rising mobile attacks While it might be tempting to dismiss the potential revenue lost by Apple, Samsung, HTC and other suppliers of authentic phones, this counterfeit wave is particularly worrisome. The faked phones flooding the market today are slicker than ever. The smartphone industry knows this.

Malware

Malware Mobile Manufacturing Marketing

Ransomware and wiper signed with stolen certificates

SecureList

DECEMBER 22, 2022

The threat actors used certificates from Nvidia and Kuwait Telecommunications Company to sign their malware; the former was already leaked, but we’re not sure how they got their hands on the latter. The ransomware – use of Kuwait Telecommunications Company signing certificate. Kuwait Telecommunications company certificate. [1]

Ransomware

Ransomware Telecommunications Malware Encryption

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 22, 2023

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw Multiple APT groups exploited WinRAR flaw CVE-2023-38831 Californian IT company DNA Micro leaks private mobile phone data Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August A flaw in Synology DiskStation Manager allows admin account (..)

Ransomware

Ransomware Telecommunications Data breaches Mobile

Hacked GPS tracker reveals location data of customers

Malwarebytes

AUGUST 19, 2024

Tracki devices are sold by some major telecommunication companies, sometimes under the Tracki brand or sometimes under their own label. This “simple internal support tool” required no other authentication than logging in using a password that shared between Tracki and Trackimo employees.

Hacking

Hacking Telecommunications Passwords Data breaches

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Faced with an increasing brain drain of smart people fleeing the country, Russia floats a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies. Uber blames LAPSUS$ for the intrusion.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Government

Government Telecommunications Accountability Phishing

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Krebs on Security

JUNE 19, 2018

On May 17, KrebsOnSecurity broke the news of research by Carnegie Mellon University PhD student Robert Xiao , who discovered that a LocationSmart try-before-you-buy opt-in demo of the company’s technology was wide open — allowing real-time lookups from anyone on anyone’s mobile device — without any sort of authentication, consent or authorization.

Mobile

Mobile Wireless Telecommunications Technology

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

This data leak could have a serious impact on the company if it will be confirmed the authenticity of the leaked files. On Thursday, March 10, the group announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM.

Cybercrime

Cybercrime Telecommunications VPN Hacking

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications.

Malware

Malware Encryption Telecommunications Authentication

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

OCTOBER 15, 2024

The stolen data are sent to the main module using the previously created pipe named “c63hh148d7c9437caa0f5850256ad32c” Token Grabber The module is a.NET library designed to steal Google Chrome browser cookies and authentication tokens related to Facebook, LinkedIn and Google services (Gmail, Google Drive, etc.). paknavy-govpk[.]net

Malware

Malware Encryption Architecture Phishing

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

mail.cyta.com.cy: Cyta telecommunications and Internet provider, Cyprus. “DNS Security Extensions”), which is a technology designed to defeat the very type of attack that the DNSpionage hackers were able to execute. Use 2-factor authentication, and require it to be used by all relevant users and subcontractors. -In

DNS

DNS Internet Internet Government

CISA: Top Vulnerabilities Actively Exploited by China Hackers

SecureWorld News

OCTOBER 6, 2022

Utilize phishing-resistant multi-factor authentication whenever possible. PRC state-sponsored cyber actors continue to exploit known vulnerabilities and use publicly available tools to target networks of interest. The advisory provides six mitigations: "Update and patch systems as soon as possible.

Passwords

Passwords Telecommunications Government Risk

Best Encryption Software for 2022

eSecurity Planet

AUGUST 4, 2022

Yet even as technology has changed, sending and receiving data remains a major vulnerability, ensuring encryption’s place as a foundational security practice. Encryption technology has evolved over the years to cover data in use, and the emerging power of quantum computing has given rise to quantum cryptography.

Encryption

Encryption Software Computers and Electronics Technology

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

From a different angle, reporting from The Intercept revealed mobile surveillance capabilities available to Iran for the purposes of domestic investigations that leverage direct access to (and cooperation of) local telecommunication companies. APT targeting turns toward satellite technologies, producers and operators.

Firmware

Firmware Surveillance Mobile Telecommunications

Opinion: Staying Secure Through 5G Migration

The Security Ledger

OCTOBER 8, 2020

To achieve their 5G transformation, telecommunications providers require security solutions and platforms built from the ground up for modern, dynamic business models. The post Opinion: Staying Secure Through 5G Migration appeared first on The Security Ledger.

Telecommunications

Telecommunications IoT Cyber Attacks Authentication

News alert: Infobip identifies five typical security challenges impacting mobile users

The Last Watchdog

OCTOBER 16, 2023

Orange and Infobip/Anam therefore took advantage of their joint expertise in telecommunications security to develop a robust A2P SMS protect solution, which identifies current and emerging risks, and proactively safeguards telcos, businesses, and end-users on most channels.”

Mobile

Mobile Firewall Telecommunications Marketing

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

On Thursday, March 10, the group announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T.

Accountability

Accountability VPN Social Engineering Hacking

Six existential threats posed by the future of 5G (Part One)

CyberSecurity Insiders

JUNE 22, 2021

Yet, there are some key concerns that telecommunication providers need to be aware of if they are going to successfully implement this next generation of connectivity, as well as inspire trust in customers. Well, by using eSIM technology , telcos can help protect the range IoT devices on their network from cyberattacks.

IoT

IoT Mobile Risk Telecommunications

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. Telecom Infrastructure Abuse: The threat actor used Verizon IPv6 addresses to access the network, leveraging telecommunications infrastructure with a clean reputation to bypass security controls.

Social Engineering

Social Engineering Engineering Accountability Backups

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

As a leading VC, BVP offers budding companies plenty to consider, with a set of roadmaps and tools for today’s technologies and market complexities. Notable cybersecurity exits for the company include AVG Technologies, Cognitive Security, OpenDNS, and Carbon Black. Also read : Addressing Remote Desktop Attacks and Security.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Baby monitor safety: What you need to know

Malwarebytes

JUNE 19, 2023

Instead of Wi-Fi, they use other technologies called Digital Enhanced Cordless Telecommunications (DECT) and Frequency Hopping Spread Spectrum (FHSS). Use multi-factor authentication (MFA) : Pick a baby monitor that allows you to use multi-factor (or 2-factor) authentication.

Passwords

Passwords IoT Internet Internet

Protect 5G to Secure Sustainable Growth

Thales Cloud Protection & Licensing

OCTOBER 10, 2022

Both the renewable energy business and the telecommunications industry are projected to expand significantly over the next decade, and the green energy movement is gaining traction. The success of the technology itself is at the heart of 5G's ability to promote sustainability. The benefits of 5G connectivity. Clean energy.

Artificial Intelligence

Artificial Intelligence Manufacturing IoT Mobile

News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Trending Sources

Storm-2372 used the device code phishing technique since August 2024

The Internet is Held Together With Spit & Baling Wire

Americans urged to use encrypted messaging after large, ongoing cyberattack

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Key benefits of iSIM technology for enabling secure connectivity

China-linked APT UNC3886 targets EoL Juniper routers

The Upcoming UK Telecoms (Security) Act Part One: What, Why, Who, When and How

Voice Phishers Targeting Corporate VPNs

Best Facial Recognition Software for Enterprises In 2022

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

5G Security

News alert: SandboxAQ launches new open source framework to simplify cryptography management

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

3.5m IP cameras exposed, with US in the lead

Nobelium APT uses new Post-Compromise malware MagicWeb

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Nobelium continues to target organizations worldwide with custom malware

Cybersecurity Risks of 5G – And How to Control Them

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

Ransomware and wiper signed with stolen certificates

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

Hacked GPS tracker reveals location data of customers

Happy 13th Birthday, KrebsOnSecurity!

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Beyond the Surface: the evolution and expansion of the SideWinder APT group

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

CISA: Top Vulnerabilities Actively Exploited by China Hackers

Best Encryption Software for 2022

Advanced threat predictions for 2023

Opinion: Staying Secure Through 5G Migration

News alert: Infobip identifies five typical security challenges impacting mobile users

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Six existential threats posed by the future of 5G (Part One)

Scattered Spider x RansomHub: A New Partnership

Top VC Firms in Cybersecurity of 2022

Baby monitor safety: What you need to know

Protect 5G to Secure Sustainable Growth

Stay Connected