Authentication and Telecommunications - Cyber Security Informer

News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology

The Last Watchdog

MARCH 19, 2025

” Knocknoc orchestrates network infrastructure to remove risk exposure by tying users’ network access to their SSO authentication status. It can also be used on internal networks to add multifactor authentication to legacy systems to satisfy compliance requirements.

Technology

Technology Media Telecommunications Authentication

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

MARCH 16, 2021

Most large and legacy telecommunications providers validate transfer requests related to their customers by consulting NPAC , or the Number Portability Administration Center. NetNumber developed its own proprietary system for mapping telecommunications providers that is used by Sakari and an entire industry of similar firms.

Telecommunications

Telecommunications Mobile Accountability Wireless

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Storm-2372s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East.” ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities. But over the years the various IRRs made it easier to automate this process via email.

Internet

Internet Internet Authentication Telecommunications

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. The state-sponsored actor behind the attack is an Advanced Persistent Threat (APT) group known as Salt Typhoon, believed to be tied to the People’s Republic of China (PRC).

Encryption

Encryption Identity Theft Media Telecommunications

Sprint Exposed Customer Support Site to Web

Krebs on Security

JANUARY 29, 2020

KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.

Social Engineering

Social Engineering Telecommunications Data privacy Engineering

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required).

Cybercrime

Cybercrime Mobile Media Hacking

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

In one example, the Chinese group APT5, operating from the most active nation state targeting VPN devices, maintained access to compromised VPN infrastructure in the telecommunications sector for months. CVE-2022-40684 is a critical authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiManager network edge appliances.

VPN

VPN Authentication Ransomware Risk

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

CISO

CISO Encryption Telecommunications Financial Services

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. Both malware authenticates themselves to Cryshell through a port-knocking and handshake procedure. ” reads the analysis published by the researchers.

Telecommunications

Telecommunications Authentication Malware Internet

The Upcoming UK Telecoms (Security) Act Part One: What, Why, Who, When and How

Cisco Security

OCTOBER 3, 2022

In November 2020, the Telecommunications (Security) Bill was formally introduced to the UK’s House of Commons by the department for Digital, Culture, Media & Sport. What is the Telecommunications (Security) Act? Why has the Telecommunications (Security) Act been introduced?

Telecommunications

Telecommunications Data breaches Risk Government

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. T-Mobile declined to answer questions about what it may be doing to beef up employee authentication. “And we are constantly working to fight against it,” the statement reads. ” TMO UP!

Mobile

Mobile Phishing Authentication Advertising

China-linked APT UNC3886 targets EoL Juniper routers

Security Affairs

MARCH 12, 2025

Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia. Mandiant observed the threat actor targeting network authentication services, including the Terminal Access Controller Access-Control System (TACACS+), and terminal servers with access to the routers to gain privileged initial access.”

Telecommunications

Telecommunications Malware DDOS Technology

The Upcoming UK Telecoms Security Act Part Two: Changing Mindset from Stick to Carrot

Cisco Security

DECEMBER 13, 2022

In our last blog , we gave a rundown of what the Telecommunications (Security) Act (TSA) is, why it’s been introduced, who it affects, when it starts, and how firms can prepare. But what if the TSA had some ‘carrot’-based business benefits that are much less discussed?

Telecommunications

Telecommunications Authentication Risk Cyber Risk

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. The telecommunications provider pointed out that no financial information (credit or debit card numbers, banking details) has been compromised.

Data breaches

Data breaches Telecommunications Banking Mobile

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries. And over the past six months, the criminals responsible have created dozens if not hundreds of phishing pages targeting some of the world’s biggest corporations.

Phishing

Phishing VPN Social Engineering Media

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Security Affairs

FEBRUARY 21, 2020

VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws. “vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. ” reads an advisory published by VMware.

Authentication

Authentication Telecommunications Advertising Hacking

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

Adding multi-factor authentication (MFA) at these various providers (where available) and/or establishing a customer-specific personal identification number (PIN) also can help secure online access. Your best option is to reduce your overall reliance on your phone number for added authentication at any online service.

Accountability

Accountability Mobile Banking Passwords

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Data belonging 44 Million Pakistani mobile users leaked online

Security Affairs

MAY 6, 2020

The dump was discovered by a Dubai-based cybersecurity firm Rewterz ( @rewterz ) that confirmed its authenticity and the Pakistan Telecommunication Authority (PTA) is investigating the matter. Last month, a hacker offered for sale a dump containing 115 Million Pakistani mobile user records for over $2 million worth of bitcoin.

Mobile

Mobile Telecommunications Data breaches Advertising

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

5G Security

Schneier on Security

JANUARY 14, 2020

To be sure, there are significant security improvements in 5G over 4Gin encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough. The 5G security problems are threefold. First, the standards are simply too complex to implement securely.

Data collection

Data collection Software Marketing Government

AT&T confirmed that a data breach impacted 73 million customers

Security Affairs

MARCH 30, 2024

In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic. ” reads a statement published by the telecommunication giant. reads the RestorePrivacy website. million former account holders.”

Data breaches

Data breaches Telecommunications Cybercrime Hacking

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. Cuttlefish has a modular structure, it was designed to primarily steal authentication data from web requests passing through the router from the local area network (LAN).

Malware

Malware DNS Authentication Telecommunications

AT&T states that the data breach impacted 51 million former and current customers

Security Affairs

APRIL 10, 2024

In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic. While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid.” reads the RestorePrivacy website.

Data breaches

Data breaches Telecommunications Identity Theft Hacking

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. “Like domain controllers, AD FS servers can authenticate users and should therefore be treated with the same high level of security.

Malware

Malware Authentication Telecommunications Government

Undersea Cables and Cyber Physical Risks.

Cisco Security

NOVEMBER 18, 2022

Often security researchers and security teams focus on threats to software and the risks associated with authenticating and managing users. The telecommunications infrastructure that carries internet traffic between countries and continents is often provided by submarine cables. Physical infrastructure can not be taken for granted.

Risk

Risk Telecommunications Internet Internet

Store manager admits SIM swapping his customers

Malwarebytes

MARCH 19, 2024

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message.

Social Engineering

Social Engineering Computers and Electronics Mobile Identity Theft

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

LightBasin targeted and compromised mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Firewall Mobile Malware

Microsoft Exchange ProxyToken flaw can allow attackers to read your emails

Security Affairs

AUGUST 31, 2021

Authentication is not required to exploit this vulnerability.” “The specific flaw exists within the authentication of requests to web services within the ecp web application. By issuing a crafted request, an attacker can bypass authentication. ” reads the advisory published Zero-Day Initiative (ZDI).

Authentication

Authentication Accountability Telecommunications Information Security

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

The Last Watchdog

FEBRUARY 27, 2023

The best all-around metric for SASE/ZT testing is QoE, as it reflects multiple underlying factors, including performance, error detection, encryption variability, overall transaction latency, and (for ZT) concurrent authentication rate. Security controls that impede important business activities, will motivate users to try to bypass them.

Risk

Risk Architecture Firewall Telecommunications

TIM’s Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded

Security Affairs

FEBRUARY 3, 2021

Italy also joins the security bug research, with the Red Team Research laboratory of TIM, an important Italian telecommunications company. The first one, Improper Restriction of Excessive Authentication Attempts (CWE-307), identified as CVE-2020-35590 , has a CVSS3 score of 9.8. The other one is an unauthenticated reflected XSS.

Telecommunications

Telecommunications Cyber Attacks Authentication Hacking

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Each of these organizations performs cyber operations for various reasons.

Cybersecurity

Cybersecurity Cybercrime Education Government

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Attackers exploited the flaw in the SS7 protocol to defeat the 2FA authentication used by Metro Bank to protect its customers. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.”

Banking

Banking Telecommunications Authentication Advertising

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, An authenticated administrator can exploit the issue by sending specially crafted requests and execute arbitrary commands on the appliance. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Authentication Small Business Telecommunications

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security

Thales Cloud Protection & Licensing

DECEMBER 21, 2022

Thales collaborates with Hewlett Packard Enterprise (HPE) to provide enhanced privacy and secure authentication for global 5G users, further extending its partner ecosystem. The multi-vendor landscape, complex infrastructure and distributed nature of 5G networks has historically made subscriber authentication and privacy a challenge.

Architecture

Architecture Authentication Telecommunications IoT

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, An authenticated administrator can exploit the issue by sending specially crafted requests and execute arbitrary commands on the appliance. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Malware Authentication Small Business

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.

Surveillance

Surveillance Manufacturing Internet Internet

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

Other planned features will allow users to create smaller sandwiches to access fundamental cryptographic primitives, or larger sandwiches to access functionalities like authentication, virtual private networks (VPNs), or key management services (KMS). Air Force, the Defense Information Systems Agency (DISA), the U.S.

Encryption

Encryption Telecommunications Government Technology

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

Sorry, It’s Windows Malware Malware Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site From South America to Southeast Asia: The Fragile Web of REF7707 Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling Hacking (..)

Spyware

Spyware Firewall Artificial Intelligence Malware

FCC Enacts Rules Against SIM Swapping to Protect Mobile Phone Users

SecureWorld News

NOVEMBER 20, 2023

These fraudulent activities not only compromise wireless account access but also pose significant risks to financial accounts, social media profiles, and other online services utilizing phone numbers for multi-factor authentication (MFA).

Mobile

Mobile Wireless Artificial Intelligence Accountability

Ransomware and wiper signed with stolen certificates

SecureList

DECEMBER 22, 2022

The threat actors used certificates from Nvidia and Kuwait Telecommunications Company to sign their malware; the former was already leaked, but we’re not sure how they got their hands on the latter. The ransomware – use of Kuwait Telecommunications Company signing certificate. Kuwait Telecommunications company certificate. [1]

Ransomware

Ransomware Telecommunications Malware Encryption

News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Trending Sources

Can We Stop Pretending SMS Is Secure Now?

Storm-2372 used the device code phishing technique since August 2024

The Internet is Held Together With Spit & Baling Wire

Americans urged to use encrypted messaging after large, ongoing cyberattack

Sprint Exposed Customer Support Site to Web

Canadian Man Arrested in Snowflake Data Extortions

China-linked LightBasin group accessed calling records from telcos worldwide

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Why CISA is Warning CISOs About a Breach at Sisense

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

The Upcoming UK Telecoms (Security) Act Part One: What, Why, Who, When and How

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

China-linked APT UNC3886 targets EoL Juniper routers

The Upcoming UK Telecoms Security Act Part Two: Changing Mindset from Stick to Carrot

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Voice Phishers Targeting Corporate VPNs

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Why & Where You Should You Plant Your Flag

A flaw in Dahua IP Cameras allows full take over of the devices

Data belonging 44 Million Pakistani mobile users leaked online

China-linked threat actors have breached telcos and network service providers

5G Security

AT&T confirmed that a data breach impacted 73 million customers

Cuttlefish malware targets enterprise-grade SOHO routers

AT&T states that the data breach impacted 51 million former and current customers

Nobelium APT uses new Post-Compromise malware MagicWeb

Undersea Cables and Cyber Physical Risks.

Store manager admits SIM swapping his customers

New GTPDOOR backdoor is designed to target telecom carrier networks

Microsoft Exchange ProxyToken flaw can allow attackers to read your emails

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

TIM’s Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

3.5m IP cameras exposed, with US in the lead

News alert: SandboxAQ launches new open source framework to simplify cryptography management

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

FCC Enacts Rules Against SIM Swapping to Protect Mobile Phone Users

Ransomware and wiper signed with stolen certificates

Stay Connected