Tag Archive for: discloses

Slack Discloses Breach of Its GitHub Code Repository


Ever since Elon Musk spent $44 billion on Twitter and laid off a large percentage of the company’s staff, there have been concerns about data breaches. Now it seems a security incident that predates Musk’s takeover is causing headaches. This week, it emerged that hackers released a trove of 200 million email addresses and their links to Twitter handles, which were likely gathered between June 2021 and January 2022. The sale of the data may put anonymous Twitter accounts at risk and heap further regulatory scrutiny on the company.

WhatsApp has launched a new anti-censorship tool that it hopes will help people in Iran to avoid government-enforced blocks on the messaging platform. The company has made it possible for people to use proxies to access WhatsApp and avoid government filtering. The tool is available globally. We’ve also explained what pig-butchering scams are and how to avoid falling into their traps.

Also this week, cybersecurity firm Mandiant revealed that it has seen Russian cyberespionage group Turla using innovative new hacking tactics in Ukraine. The group, which is believed to be connected to the FSB intelligence agency, was spotted piggybacking on dormant USB infections of other hacker groups. Turla registered expired domains of years-old malware and managed to take over its command-and-control servers.  

We also reported on the continued fallout of the EncroChat hack. In June 2020, police across Europe revealed they had hacked into the encrypted EncroChat phone network and collected more than 100 million messages from its users, many of them potentially serious criminals. Now thousands of people have been jailed based on the intelligence gathered, but the bust is raising wider questions around law enforcement hacking and the future of encrypted phone networks.

But that’s not all. Each week, we round up the security stories we didn’t cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there. 

On December 31, as millions of people were preparing for the start of 2023, Slack posted a new security update to its blog. In the post, the company says it detected a “security issue involving unauthorized access to…


Australian Telecom Giant TPG Discloses Email Hack



Threat Actors Searched Email Inboxes for Cryptocurrency and Financial Information


Australian telecom and internet service provider TPG disclosed a data breach detected by an outside cybersecurity forensics team conducting a historical review.


The Microsoft Exchange email accounts of as many as 15,000 customers at subsidiaries iiNet and Westnet may be affected by the breach, TPG disclosed in a Wednesday filing to the Australian Securities Exchange.

It appears, TPG wrote, that hackers searched inboxes for data on cryptocurrency and other financial information they could steal. “We have implemented measures to stop the unauthorized access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said. “We have notified the relevant government authorities.”

Consumer products were not affected, the company said. TPG encompasses a slew of brands including mobile carrier and ISP brands such as Vodafone, AAPT, Internode, Lebara and Felix.

Cybersecurity firm Mandiant, now owned by Google, notified TPG about the attack on Tuesday. Mandiant has an “ongoing engagement to assist with cyber protection” and was in the process of sifting through historical data when analysts spotted the intrusion.

The breach adds to a growing list of cyberattacks on Australia’s telecommunication industry.

Only days ago, Telstra published names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company blamed a “misalignment of databases” (see: Australian Telecom…


Largest mobile SMS routing firm discloses five-year-long breach


SMS routing firm Syniverse discloses a five-year-long breach

Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers.

Self-described as “the world’s most connected company,” Syniverse provides text messaging routing services to over 300 mobile operators, among them Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile.

Syniverse is so big that it brags about having as its customers “nearly every mobile communications provider, the largest global banks, the world’s biggest tech companies.”

Breach tracked to May 2016

In a filing on September 27 with the U.S. Securities and Exchange Commission (SEC), spotted by Motherboard journalist Lorenzo Franceschi-Bicchierai, Syniverse disclosed that an unauthorized party accessed databases on its network on several occasions.

When the company became aware of the intrusions in May 2021, an internal investigation began to determine the extent of the hack.

“The results of the investigation revealed that the unauthorized access began in May 2016,” the company reveals in the SEC filing.

For five years, hackers maintained access to Syniverse internal databases and compromised the login data for the Electronic Data Transfer (EDT) environment belonging to about 235 customers.

“All EDT customers have been notified and have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. All customers whose credentials were impacted have been notified of that circumstance” – Syniverse

Huge node for mobile communications

The company notes that its investigation did not reveal intent to disrupt operations or to monetize the intrusion.

Even if the investigation did not find any evidence, the company does not exclude the possibility of data exfiltration, which could impact its business, employees, customers, suppliers, and vendors, and could also lead to a future cyber attack.

From its role as an intermediary between mobile carriers, it is easy to infer the type of data the hackers could access by breaching Syniverse: at least details about the source, destination,…


The Taliban’s access to data. Bangkok Airways discloses data breach. FBI and CISA urge vigilance during Labor Day weekend.


The Taliban’s access to data.

The Taliban’s seizure of HIIDE (Handheld Interagency Identity Detection Equipment) biometric registration and identification devices aroused concern when it was first reported, but the risks of that loss, while real, seem likely to be limited. MIT Technology Review argues that a more serious matter is the insurgent government’s acquisition of APPS, the Afghan Personnel and Pay System used by the deposed government’s Ministries of Defense and the Interior. APPS data were unprotected by retention or deletion policies and were presumably seized intact.

Phorpiex botnet shuts down.

The Record reports that the Phorpiex botnet has shut down, and researchers at Cyjax have found that the botnet’s proprietors are offering the source code for sale. If you’re in the market, not that you would be, know that Phorpiex has a mixed reputation in the underworld. It’s been profitable, with its spam module and ability to hijack cryptocurrency clipboards being consistent moneymakers. Phorpiex has also hired its botnet out for use by ransomware operators, among them Avaddon, a gang that’s recently gone into occultation. On the other hand, Phorpiex’s own security has tended toward the slipshod, with other criminals able to either uninstall it or substitute their own payloads for those the proprietors intended.

Bangkok Airways discloses data breach.

Bangkok Airways disclosed that it’s been the victim of an attack that compromised passengers’ personal information, including name, “nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.” ZDNet reports that the LockBit ransomware gang has claimed responsibility and threatened to release information if their ransom demands aren’t met. That data dump, the Register wrote Tuesday, has begun, as Bangkok Airways refused to pay the ransom. The size of the data dump is assessed variously as between 103GB and more than 200GB.

BleepingComputer reports that the gang also claims to have used credentials stolen from Accenture to access and encrypt files at an unnamed airport. That last brag, however, seems not to be…
