Passwords and Telecommunications - Cyber Security Informer

The UK Bans Default Passwords

Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. This sort of thing benefits all of us everywhere.

Passwords

Passwords IoT Manufacturing Telecommunications

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. Pierluigi Paganini.

Telecommunications

Telecommunications Malware Media Passwords

European Telecommunications Standards Institute (ETSI) suffered a data breach

Security Affairs

OCTOBER 2, 2023

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute ( ETSI ).

Telecommunications

Telecommunications Data breaches Technology Passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

MARCH 16, 2021

From there, the attacker can reset the password of any account which uses that phone number for password reset links. Most large and legacy telecommunications providers validate transfer requests related to their customers by consulting NPAC , or the Number Portability Administration Center. ” WHAT CAN YOU DO?

Telecommunications

Telecommunications Mobile Accountability Wireless

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

The Hacker News

APRIL 29, 2024

National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.

Passwords

Passwords Telecommunications Manufacturing

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

FEBRUARY 1, 2021

The service, marketed in the underground under the name “ SMS Bandits ,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies. ” SMS Bandits offered an SMS phishing (a.k.a.

Phishing

Phishing Telecommunications Advertising Mobile

Hacking Group Moshen Dragon Targets Asian Telecommunication Companies

Heimadal Security

MAY 3, 2022

When it comes to sideloading malicious Windows DLLs into antivirus programs, stealing passwords to move laterally, and finally exfiltrating data from affected PCs, the hackers are quite persistent. The post Hacking Group Moshen Dragon Targets Asian Telecommunication Companies appeared first on Heimdal Security Blog. What Happened?

Telecommunications

Telecommunications Hacking Antivirus Passwords

Alleged China-Tied Hackers Are Targeting Telecommunications Sector

SecureWorld News

OCTOBER 21, 2021

Since 2016, this cybercrime organization has been building customized tools to invade the world's telecommunications sector. According to the blog, at least 13 telecommunications companies have been breached by LightBasin since 2019. LightBasin hacks critical infrastructure with intention and competence.

Telecommunications

Telecommunications Energy and Utilities Passwords Hacking

Cell Networks Hacked by (Probable) Nation-State Attackers

Schneier on Security

JULY 9, 2019

Original report : Based on the data available to us, Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers. The attack was aiming to obtain CDR records of a large telecommunications provider.

Hacking

Hacking Telecommunications Malware Passwords

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. How would your organization hold up to a password spraying attack? As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly.

VPN

VPN Passwords Software Telecommunications

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The malspam messages had the topic Free primary legal aid use a password-protected attachment Algorithm of actions of members of the family of a missing serviceman LegalAid.rar.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

“The NKTsKI recommends that all organizations change passwords and keys for accessing their systems operated in LANIT data processing centers as soon as possible. The group serves various sectors, including finance, government, healthcare, and telecommunications.

Telecommunications

Telecommunications Software Technology Healthcare

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

APRIL 30, 2024

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard. Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear.

IoT

IoT Passwords Social Engineering Telecommunications

New law will issue bans, fines for using default passwords on smart devices

Malwarebytes

NOVEMBER 25, 2021

And because of our high propensity to forgo changing default passwords that came with the smart devices we buy, we’re essentially putting ourselves—our homes and our family’s data and privacy—at the forefront of online attacks without us knowing. but not vehicles, smart meters, smart medical devices, laptops, and desktop computers.

Passwords

Passwords Telecommunications Internet Internet

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Storm-2372s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East.”

Phishing

Phishing Authentication Telecommunications Accountability

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

Security Affairs

MARCH 27, 2025

Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!). is a US-based telecommunications company that provides broadband internet, cable TV, and phone services. Compromised data includes usernames, passwords, security details, emails, and Firebase integration data.

Hacking

Hacking Telecommunications Data breaches Internet

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities. “This would effectively cut off Internet access for the impacted IP address blocks.”

Internet

Internet Internet Authentication Telecommunications

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

CISO

CISO Encryption Telecommunications Financial Services

Secret Backdoors Found in German-made Auerswald VoIP System

The Hacker News

DECEMBER 21, 2021

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Penetration Testing

Penetration Testing Firmware Telecommunications Manufacturing

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. Attackers inserted rogue JavaScript to capture usernames and passwords in real-time, enhancing lateral movement within networks. ” concludes the report.

Telecommunications

Telecommunications DNS Passwords Hacking

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

OCTOBER 12, 2020

“We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world,” wrote Tom Burt , corporate vice president of customer security and trust at Microsoft, in a blog post this morning about the legal maneuver. Image: Microsoft.

Healthcare

Healthcare Ransomware Internet Internet

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Security Affairs

MARCH 24, 2025

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. First, attackers used specific keywords, such as “password” and “key,” in the payload, which WAFs typically redact in logs, obscuring the malicious content.

Telecommunications

Telecommunications Encryption Accountability Firewall

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

For those who can’t be convinced to use a password manager, even writing down all of the account details and passwords on a slip of paper can be helpful, provided the document is secured in a safe place. Perhaps the most important place to enable MFA is with your email accounts. For more information on the NCTUE, see this page.

Accountability

Accountability Mobile Banking Passwords

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

.” T-Mobile said that threat actors did not access names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs. The telecommunication giant is in the process of notifying impacted customers.

Data breaches

Data breaches Mobile Telecommunications Wireless

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Each of these organizations performs cyber operations for various reasons.

Cybersecurity

Cybersecurity Cybercrime Education Government

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” reads a message posted to both site’s by the SFO’s Airport Information Technology and Telecommunications (ITT) director. In response to the incident, the SFO Airport reset all email and network passwords.

Data breaches

Data breaches Hacking Telecommunications Advertising

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. “An individual’s CPNI can be shared with other telecommunications providers for network operating reasons,” wrote TechTarget’s Gavin Wright.

Mobile

Mobile Wireless Advertising Telecommunications

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. The telecommunications provider pointed out that no financial information (credit or debit card numbers, banking details) has been compromised. Access to the affected legacy database has also been closed.”continues

Data breaches

Data breaches Telecommunications Banking Mobile

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Security Affairs

JULY 10, 2021

Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States. An unauthorized person also potentially accessed subscribers’ personal information, including call history, names, addresses, emails, and passwords.

Mobile

Mobile Data breaches Telecommunications Passwords

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Data breaches Telecommunications Identity Theft

Aussie Telcos are Failing at Some Fundamental Security Basics

Troy Hunt

MARCH 27, 2018

It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in their stores?

Passwords

Passwords Banking Mobile Telecommunications

Operation Soft Cell – Multiple telco firms hacked by nation-state actor

Security Affairs

JUNE 25, 2019

Once compromised the networks of telecommunication companies, attackers can access to mobile phone users’ call data records. “Based on the data available to us, Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers.

Telecommunications

Telecommunications Hacking Advertising Mobile

GovPayNow.com Leaks 14M+ Records

Krebs on Security

SEPTEMBER 17, 2018

In January 2018, GovPayNet was acquired by Securus Technologies , a Carrollton, Texas- based company that provides telecommunications services to prisons and helps law enforcement personnel keep tabs on mobile devices used by former inmates. We will continue to evaluate security and access to all systems and customer records.”.

Mobile

Mobile Government Identity Theft Telecommunications

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

Hackers have stolen O2 customers’ data from a database run by Aerial Direct , one of the largest UK partners of the telecommunications services provider. To reassure you, the database did not include any passwords or financial details, such as bank account number or credit card information.” Pierluigi Paganini.

Data breaches

Data breaches Telecommunications Passwords Advertising

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

For businesses, this means their compromised access can be resold multiple times, leaving them vulnerable to repeated attacks from different threat actors if passwords arent changed promptly. This plaintext file often contains usernames and passwords, giving attackers immediate access to credentialsno advanced tools or expertise needed.

VPN

VPN Authentication Ransomware Risk

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. organizations, including banks, credit unions, non-profits, telecommunications providers, public utilities and police, fire and rescue units.

Hacking

Hacking Software Government Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance

Surveillance Manufacturing Passwords Internet

T-Mobile discloses data breach affecting prepaid wireless customers

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. None of your financial data (including credit card information) or social security numbers was involved , and no passwords were compromised.”

Wireless

Wireless Data breaches Mobile Telecommunications

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Security Affairs

DECEMBER 15, 2021

Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. In the recent campaign against telecommunication, the attackers may have attempted to pivot to other targets by connecting to the Exchange Web Services (EWS) of other organizations.

Telecommunications

Telecommunications Passwords Phishing Hacking

AT&T confirms 73 million people affected by data breach

Malwarebytes

APRIL 2, 2024

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else.

Data breaches

Data breaches Passwords Phishing Accountability

The UK Bans Default Passwords

France’s second-largest telecoms provider Free suffered a cyber attack

Trending Sources

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

European Telecommunications Standards Institute (ETSI) suffered a data breach

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Can We Stop Pretending SMS Is Secure Now?

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

NCSC: New UK law bans default passwords on smart devices

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Hacking Group Moshen Dragon Targets Asian Telecommunication Companies

Alleged China-Tied Hackers Are Targeting Telecommunications Sector

Cell Networks Hacked by (Probable) Nation-State Attackers

Hackers Were Inside Citrix for Five Months

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Russia warns financial sector organizations of IT service provider LANIT compromise

Brits Ban Default Passwords — and More IoT Stupidity

New law will issue bans, fines for using default passwords on smart devices

Storm-2372 used the device code phishing technique since August 2024

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

The Internet is Held Together With Spit & Baling Wire

China-linked LightBasin group accessed calling records from telcos worldwide

Why CISA is Warning CISOs About a Breach at Sisense

Secret Backdoors Found in German-made Auerswald VoIP System

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Why & Where You Should You Plant Your Flag

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

SFO discloses data breach following the hack of 2 of its websites

Why You Should Opt Out of Sharing Data With Your Mobile Provider

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

T-Mobile customers were hit with SIM swapping attacks

Aussie Telcos are Failing at Some Fundamental Security Basics

Operation Soft Cell – Multiple telco firms hacked by nation-state actor

GovPayNow.com Leaks 14M+ Records

Aerial Direct, the O2’s largest UK partner suffered a data breach

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

3.5m IP cameras exposed, with US in the lead

T-Mobile discloses data breach affecting prepaid wireless customers

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

AT&T confirms 73 million people affected by data breach

Stay Connected