Fri.Jul 12, 2024

article thumbnail

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Krebs on Security

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent.

article thumbnail

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

Schneier on Security

The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled “Future Possibilities: Data, Hardware, Software, and People.” The agency is (so far) refusing to release it. Basically, the recording is in an obscure video format. People at the NSA can’t easily watch it, so they can’t redact it. So they won’t do anything.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Massive AT&T Hack Exposed ‘Nearly All’ Customer Phone Numbers

Tech Republic Security

Businesses and individuals with AT&T accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.

Hacking 198
article thumbnail

“Nearly all” AT&T customers had phone records stolen in new data breach disclosure

Malwarebytes

In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of “nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023” In a filing with the Securities and Exchange Commission (SEC), AT&T said: “On April 19, 2024, AT&T Inc.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

The Hacker News

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network.

Wireless 143
article thumbnail

iPhone users in 98 countries warned about spyware by Apple

Malwarebytes

In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users says: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.

Spyware 144

More Trending

article thumbnail

The Sweeping Danger of the AT&T Phone Records Breach

WIRED Threat Level

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security.

article thumbnail

Fake Microsoft Teams for Mac delivers Atomic Stealer

Malwarebytes

Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques. Based on our tracking, Microsoft Teams is once again a popular keyword threat actors are bidding on, and it is the first time we have seen it used by Atomic Stealer.

Passwords 138
article thumbnail

New AT&T data breach exposed call logs of almost all customers

Security Affairs

AT&T disclosed a new data breach that exposed phone call and text message records for approximately 110 million people. AT&T suffered a massive data breach, attackers stole the call logs for approximately 110 million customers, which are almost all of the company’s mobile customers. The stolen data was stolen on a database hosted by the company’s Snowflake , reported Techcrunch quoting an AT&T spokesperson.

article thumbnail

Dangerous monitoring tool mSpy suffers data breach, exposes customer details

Malwarebytes

In a new episode of Spy vs Spy , the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor on other users are also—unsurprisingly—rather lax when it comes to their own security.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Palo Alto Networks fixed a critical bug in the Expedition tool

Security Affairs

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue. Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover.

article thumbnail

Massive AT&T data breach exposes call logs of 109 million customers

Bleeping Computer

AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. [.

article thumbnail

Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks

Security Boulevard

We're primed to face another Y2K-like event: Q-Day, the point at which quantum computers become capable of breaking traditional encryption, totally upending security as we know it. The post Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks appeared first on Security Boulevard.

Risk 134
article thumbnail

Australian Defence Force Private and Husband Charged with Espionage for Russia

The Hacker News

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer.

Media 133
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again

Security Boulevard

Should’ve used MFA: $T loses yet more customer data—this time, from almost all of them. The post AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again appeared first on Security Boulevard.

article thumbnail

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

The Hacker News

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.

131
131
article thumbnail

Critical Exim bug bypasses security filters on 1.5 million mail servers

Bleeping Computer

Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. [.

128
128
article thumbnail

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

The Hacker News

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files.

Malware 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Addressing Financial Organizations’ Digital Demands While Avoiding Cyberthreats

Security Boulevard

Financial firms should explore how the vast array of SASE services can improve the services they offer while providing unparalleled security for the network. The post Addressing Financial Organizations’ Digital Demands While Avoiding Cyberthreats appeared first on Security Boulevard.

article thumbnail

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

The Hacker News

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done.

Passwords 122
article thumbnail

Musk’s Voice, Likeness Used in Deepfake Scam Targeting the Olympics

Security Boulevard

Threat actors targeting the upcoming Paris Olympics release a three-part video series called "Olympics Has Fallen II" and use AI-generated deepfake technology to make it appear that Tesla CEO Elon Musk is narrating the story. The post Musk’s Voice, Likeness Used in Deepfake Scam Targeting the Olympics appeared first on Security Boulevard.

Scams 117
article thumbnail

RansomHub ransomware – what you need to know

Graham Cluley

Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

DNS hijacks target crypto platforms registered with Squarespace

Bleeping Computer

A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. [.

DNS 111
article thumbnail

AT&T Discloses 2022 Data Breach Affecting Nearly Every Customer

SecureWorld News

On July 12, 2024, AT&T disclosed a data security incident that occurred in 2022. The company confirmed that unauthorized individuals accessed customer data stored on a third-party cloud platform. The massive cyberattack exposed data from "nearly all" of its customers and downloaded it to a third-party cloud platform, AT&T said in a press release.

article thumbnail

Rite Aid confirms data breach after June ransomware attack

Bleeping Computer

Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. [.

article thumbnail

The best VPN services of 2024: Expert tested and reviewed

Zero Day

We tested the best VPNs and ranked them based on speed, security, and features, to help protect you as you browse and stream online.

VPN 76
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Netgear warns users to patch auth bypass, XSS router flaws

Bleeping Computer

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [.

article thumbnail

The best mobile VPNs of 2024: Expert tested and reviewed

Zero Day

We tested the best mobile VPNs, which combine speed, security, and easy-to-use apps to help protect your iOS and Android devices.

Mobile 76
article thumbnail

Detecting Living Off The Land attacks with Wazuh

Bleeping Computer

Threat actors commonly use Living Off The Land (LOTL) techniques to evade detection. Learn more from Wazuh about how its open source XDR/SIEM #cybersecurity platform can detect LOTL attacks. [.

article thumbnail

The best bone conduction headphones of 2024: Expert tested and reviewed

Zero Day

We tested the best bone conduction headphones to keep you aware of your surroundings while you exercise outside in any environment.

76
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.