Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Hacks (Page 2 of 6)

T-Mobile’s Data Breach Is Real And Worse Than You Imagined

Earlier this week, T-Mobile confirmed news and reports that the company had been hacked and experienced a wide customer data breach. And while the company’s findings show not all 100+ million customers are affected, it’s still bad news, and the details are going from bad to worse.

After confirming over 40 million customers’ user data was compromised, on Friday, the mobile carrier reported that hackers illegally accessed customer names, dates of birth, phone numbers, social security numbers, addresses, and even IMEI numbers for customer devices. This includes current, former, and potential customers, as well as postpaid users.

T-Mobile also said it had identified an additional 667,000 accounts of former customers that were accessed. This is bad news as hackers can easily use that info for identity theft, SIM swapping attacks to intercept secure two-factor logins, and other harmful activities.

So far, the number of affected customers is over 50 million. In a press release, the company said it’s taking immediate steps to help protect affected customers and is coordinating with law enforcement.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” said the company. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”

The company has now opened a dedicated webpage full of information for customers. Here, T-Mobile users can find information on how to change their PIN or passwords or sign up for a complimentary 2 years of McAfee ID Theft Protection services. T-Mobile recommends that postpaid customers change their PIN, and it has already alerted many users or reset the PIN itself.

via The Verge

Source: https://www.reviewgeek.com/95482/t-mobiles-data-breach-is-real-and-worse-than-you-imagined/
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Cory Gunther

T-Mobile confirms data breach affects over 47 million people

As part of its ongoing data breach investigation, T-Mobile has confirmed the enormity of the stolen information. Roughly 47.8 million current and former or prospective customers have been affected by the cyberattack on its systems, the carrier confirmed on Wednesday. Of that number, about 7.8 million are current T-Mobile postpaid accounts and the rest are prior or potential users who had applied for credit, the company added in a press release.

Worryingly, the data includes some personal information including the first and last names, date of birth, SSN, and driver’s license/ID information for a “subset of customers.” So far, T-Mobile said it does not have any indication that the stolen files contain phone numbers, account numbers, passwords or financial information.

What’s more, the company said about 850,000 active T-Mobile prepaid customers also had their names, phone numbers and account PINs exposed. The affected users do not include Metro by T-Mobile, former Sprint prepaid, or Boost users and T-Mobile said it has reset the PINs on these accounts. In addition, it claimed that “some additional information” from inactive prepaid accounts was accessed through prepaid billing files.

The findings from the carrier’s preliminary analysis come just days after it was notified of a data breach. Initially, it was reported that a member of an underground forum claimed to have obtained the data for over 100 million T-Mobile customers. The culprit was reportedly selling information of about 30 million T-Mobile customers for about $270,000 in Bitcoin. 

As part of its compensation and mitigation efforts, T-Mobile is offering affected customers two years of McAfee’s ID Theft Protection Service; recommending all postpaid users change their PIN; and setting up an online resource page. T-Mobile said that it began coordination with law enforcement on Tuesday as its investigation into the data breach — the third such attack it has suffered in the past two years — continues.

Source: https://www.engadget.com/t-mobile-data-breach-affected-people-103104868.html?src=rss
The Article Was Written/Published By: Saqib Shah

T-Mobile confirms unauthorized access to ‘some’ data

Following reports of a data breach over the weekend, T-Mobile has confirmed it’s investigating a cybersecurity incident. In an update published on Monday, the company said someone gained unauthorized access to its computer systems, but that it has yet to determine if any customer data was stolen.

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the carrier said.

When Motherboard first broke the news of the data breach on Sunday, the information of about 30 million T-Mobile customers was on sale on the dark web for about $270,000 in Bitcoin. A hacker told the outlet they had obtained social security and IMEI numbers connected to more than 100 million people. As of the second quarter of 2021, T-Mobile had 104.7 million subscribers. The carrier said it could not “confirm the reported number of records affected or the validity of statements made by others” until it completes its investigation. Once it knows more about the situation, T-Mobile promises to proactively contact customers.

Source: https://www.engadget.com/t-mobile-confirms-data-breach-203719462.html?src=rss
The Article Was Written/Published By: Igor Bonifacic

Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown

Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday.

Cobalt Strike is a legitimate security tool used by penetration testers to emulate malicious activity in a network. Over the past few years, malicious hackers—working on behalf of a nation-state or in search of profit—have increasingly embraced the software. For both defender and attacker, Cobalt Strike provides a soup-to-nuts collection of software packages that allow infected computers and attacker servers to interact in highly customizable ways.

The main components of the security tool are the Cobalt Strike client—also known as a Beacon—and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific “malleability” customizations, such as how often the client is to report to the server or specific data to periodically send.

Source: https://arstechnica.com/gadgets/2021/08/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown/
The Article Was Written/Published By: Dan Goodin

Over 100 warship locations have been faked in one year

Abuses of location technology might just result in hot political disputes. According to Wired, SkyWatch and Global Fishing Watch have conducted studies showing that over 100 warship locations have been faked since August 2020, including the British aircraft carrier Queen Elizabeth and the US destroyer Roosevelt. In some cases, the false data showed the vessels entering disputed waters or nearing other countries’ naval bases — movements that could spark international incidents.

The research team found the fakes by comparing uses of the automatic identification system (AIS, a GPS-based system to help prevent collisions) with verifiable position data by using an identifying pattern. All of the false info came from shore-based AIS receivers while satellites showed the real positions, for instance. Global Fishing Watch had been investigating fake AIS positions for years, but this was the first time it had seen falsified data for real ships.

It’s not certain who’s faking locations and why. However, analysts said the data was characteristic of a common perpetrator that might be Russia. Almost all of the affected warships were from European countries or NATO members, and the data included bogus incursions around Kaliningrad, the Black Sea, Crimea and other Russian interests. In theory, Russia could portray Europe and NATO as aggressors by falsely claiming those rivals sent warships into Russian seas.

Russia has historically denied hacking claims. It has a years-long history of using fake accounts and misinformation to stoke political tensions that further its own ends, though. And if Russia is connected, the faked warship locations might be a significant escalation of that strategy. Even though such an approach might not lead to shooting matches, it could get disconcertingly close.

Source: https://www.engadget.com/warship-fake-locations-221800228.html?src=rss
The Article Was Written/Published By: Jon Fingas

Hackers got past Windows Hello by tricking a webcam

Biometric authentication is a key piece of the tech industry’s plans to make the world password-less. But a new method for duping Microsoft’s Windows Hello facial-recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn’t.

Services like Apple’s FaceID have made facial-recognition authentication more commonplace in recent years, with Windows Hello driving adoption even farther. Apple only lets you use FaceID with the cameras embedded in recent iPhones and iPads, and it’s still not supported on Macs at all. But because Windows hardware is so diverse, Hello facial recognition works with an array of third-party webcams. Where some might see ease of adoption, though, researchers from the security firm CyberArk saw potential vulnerability.

That’s because you can’t trust any old webcam to offer robust protections in how it collects and transmits data. Windows Hello facial recognition works only with webcams that have an infrared sensor in addition to the regular RGB sensor. But the system, it turns out, doesn’t even look at RGB data. Which means that with one straight-on infrared image of a target’s face and one black frame, the researchers found that they could unlock the victim’s Windows Hello–protected device.

Source: https://arstechnica.com/information-technology/2021/07/hackers-got-past-windows-hello-by-tricking-a-webcam/
The Article Was Written/Published By: WIRED

Iran’s railway system fell prey to a cyberattack this weekend

Iran faced its own spate of cyberattacks this weekend. Reuters and The Guardian report that Iran’s railway system and transportation websites suffered a “cyber-disruption” (according to state media) over the weekend. Portal sites went down, although it’s not clear just how badly the train systems were affected. Officials claimed that only the train displays were compromised with fake messages, but the Fars news agency claimed there was “unprecedented chaos” that included cancellations and delays.

The sites and train systems were back to normal as of Monday morning.

It’s not certain who was behind the attack, although telecom minister Mohammad Javad Azari-Jahromi alerted people to the threat of ransomware if they didn’t address security vulnerabilities. Iran has historically blamed some cyberattacks on the US and Israel, although ransomware is more often the work of criminal organizations.

The US and other countries have typically pinned cyberattacks on Iran, and both sides have engaged in relatively quiet digital warfare. However, it’s not clear that’s the cause here — this could just represent ‘ordinary’ hackers exploiting weak points in Iran’s infrastructure, whether to make money or create havoc.

Source: https://www.engadget.com/iran-railway-transport-ministry-cyberattack-132936701.html?src=rss
The Article Was Written/Published By: Jon Fingas

DOJ to Treat Ransomware Hacks Like Terrorism Now: Here’s the Full Memo

The U.S. Department of Justice plans to take a much harsher tack when pursuing cybercriminals involved in ransomware attacks—and will investigate them using similar strategies to the ones currently employed against foreign and domestic terrorists.

Source: https://gizmodo.com/doj-to-treat-ransomware-hacks-like-terrorism-now-heres-1847027610
The Article Was Written/Published By: Lucas Ropek

Israel appears to confirm it carried out cyberattack on Iran nuclear facility

Shutdown happened hours after Natanz reactor’s new centrifuges were started

Israel appeared to confirm claims that it was behind a cyber-attack on Iran’s main nuclear facility on Sunday, which Tehran’s nuclear energy chief described as an act of terrorism that warranted a response against its perpetrators.

The apparent attack took place hours after officials at the Natanz reactor restarted spinning advanced centrifuges that could speed up the production of enriched uranium, in what had been billed as a pivotal moment in the country’s nuclear programme.

Source: https://www.theguardian.com/world/2021/apr/11/israel-appears-confirm-cyberattack-iran-nuclear-facility
The Article Was Written/Published By: Martin Chulov Middle East correspondent
