Krebs on Security
JULY 12, 2024
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent.
Schneier on Security
JULY 12, 2024
The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled “Future Possibilities: Data, Hardware, Software, and People.” The agency is (so far) refusing to release it. Basically, the recording is in an obscure video format. People at the NSA can’t easily watch it, so they can’t redact it. So they won’t do anything.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 12, 2024
Businesses and individuals with AT&T accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.
Malwarebytes
JULY 12, 2024
In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of “nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023” In a filing with the Securities and Exchange Commission (SEC), AT&T said: “On April 19, 2024, AT&T Inc.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Bleeping Computer
JULY 12, 2024
AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. [.
Security Boulevard
JULY 12, 2024
We're primed to face another Y2K-like event: Q-Day, the point at which quantum computers become capable of breaking traditional encryption, totally upending security as we know it. The post Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JULY 12, 2024
Should’ve used MFA: $T loses yet more customer data—this time, from almost all of them. The post AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again appeared first on Security Boulevard.
Malwarebytes
JULY 12, 2024
In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users says: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.
Security Boulevard
JULY 12, 2024
Financial firms should explore how the vast array of SASE services can improve the services they offer while providing unparalleled security for the network. The post Addressing Financial Organizations’ Digital Demands While Avoiding Cyberthreats appeared first on Security Boulevard.
The Hacker News
JULY 12, 2024
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JULY 12, 2024
Threat actors targeting the upcoming Paris Olympics release a three-part video series called "Olympics Has Fallen II" and use AI-generated deepfake technology to make it appear that Tesla CEO Elon Musk is narrating the story. The post Musk’s Voice, Likeness Used in Deepfake Scam Targeting the Olympics appeared first on Security Boulevard.
The Hacker News
JULY 12, 2024
The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale.
Security Affairs
JULY 12, 2024
AT&T disclosed a new data breach that exposed phone call and text message records for approximately 110 million people. AT&T suffered a massive data breach, attackers stole the call logs for approximately 110 million customers, which are almost all of the company’s mobile customers. The stolen data was stolen on a database hosted by the company’s Snowflake , reported Techcrunch quoting an AT&T spokesperson.
Bleeping Computer
JULY 12, 2024
A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JULY 12, 2024
A critical vulnerability in Exim mail server allows attackers to deliver malicious executable attachments to mailboxes. Attackers can exploit a critical security flaw, tracked as CVE-2024-39929 (CVSS score of 9.1), in the Exim mail transfer agent to deliver malicious attachments to target users’ inboxes. Exim is a widely used Mail Transfer Agent (MTA) designed to route, deliver, and receive email messages.
WIRED Threat Level
JULY 12, 2024
Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security.
Security Affairs
JULY 12, 2024
Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue. Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover.
Graham Cluley
JULY 12, 2024
Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. Read more in my article on the Tripwire State of Security blog.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
SecureWorld News
JULY 12, 2024
On July 12, 2024, AT&T disclosed a data security incident that occurred in 2022. The company confirmed that unauthorized individuals accessed customer data stored on a third-party cloud platform. The massive cyberattack exposed data from "nearly all" of its customers and downloaded it to a third-party cloud platform, AT&T said in a press release.
Bleeping Computer
JULY 12, 2024
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [.
Malwarebytes
JULY 12, 2024
In a new episode of Spy vs Spy , the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor on other users are also—unsurprisingly—rather lax when it comes to their own security.
Bleeping Computer
JULY 12, 2024
Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
JULY 12, 2024
Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer.
Bleeping Computer
JULY 12, 2024
Threat actors commonly use Living Off The Land (LOTL) techniques to evade detection. Learn more from Wazuh about how its open source XDR/SIEM #cybersecurity platform can detect LOTL attacks. [.
The Hacker News
JULY 12, 2024
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files.
Bleeping Computer
JULY 12, 2024
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
JULY 12, 2024
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.
Security Boulevard
JULY 12, 2024
Explore the importance of zero-trust in safeguarding sensitive information, enhancing organizational visibility, and ensuring a secure and seamless user experience. The post Zero-Trust Strategies: Paving the Way for a Secure Future & Sustainable Enterprise Growth appeared first on Security Boulevard.
The Hacker News
JULY 12, 2024
In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done.
eSecurity Planet
JULY 12, 2024
Cloud database security refers to the set of techniques and procedures used to shield cloud-based storage from malicious or unintentional attacks. It safeguards data by authenticating users and devices, controlling access to data and resources, and following regulatory requirements. This security approach protects against common threats like data breaches, DDoS assaults, viruses, hackers, and unauthorized access in cloud environments.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
304 
Let's personalize your content