Tag Archive for: Don’t

73 Million AT&T Users’ Data Leaked As Hacker Said, ‘I Don’t Care If They Don’t Admit. I’m Just Selling’ Auctioned At Starting Price Of $200K – AT&T (NYSE:T)


Telecommunications giant AT&T Inc. recently disclosed a significant data breach dating back to 2021 that exposed sensitive information belonging to 73 million users. The data is now circulating on the dark web.

The leaked data includes a wealth of personal details such as Social Security numbers, email addresses, phone numbers and dates of birth, affecting both current and former account holders. AT&T revealed that among the impacted people, 7.6 million are current account holders.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable,” AT&T said in its press release about the situation. 


The hacker behind this brazen cyberattack is ShiningHacker, a notorious figure known for previous data breaches targeting platforms such as Wattpad, Tokopedia, and Microsoft Corp.’s GitHub, according to Bleeping Computer.

Initially, AT&T denied any internal data breach when a small portion of the stolen data surfaced in 2021, claiming no knowledge of leaked information from their servers or vendors. 

However, subsequent investigations revealed a different story. While AT&T refuted the claims initially, ShiningHacker admitted to the breach, dismissing AT&T’s stance with the assertion, “I don’t care if they don’t admit. I’m just selling,” according to Bleeping Computer.

The hacker attempted to monetize the stolen data by offering it for sale on the RaidForums data theft forum, setting the starting price at $200,000 and accepting incremental offers of $30,000. ShiningHacker indicated a willingness to immediately sell the data for $1 million, underscoring the severity and audacity of the cybercrime.


Telecommunications providers have become recent targets of cyberattacks, with T-Mobile facing a breach in 2023 affecting 37 million customers, and Verizon Communications Inc. experiencing a leak impacting 63,000 customers and employees.

In December, the Federal…

Source…

Schools don’t have great cybersecurity, and hackers have caught on : NPR


School cyberattacks are on the rise.

Scott Elder has a pretty typical morning routine. He wakes up at 7 a.m., drinks coffee and feeds the dogs, Bella (a rat terrier) and Spencer (a Chihuahua). But on Jan. 12, 2022, Elder’s routine was interrupted by a concerning phone call.

Elder is the superintendent of Albuquerque Public Schools in New Mexico, and the call came from his district’s IT department, saying they had found some sort of computer virus.

He recalls thinking, “Oh, we’ve got a bug in the system and they found it so they’ll just kill it and we’ll be done, right?”

The bug was in the student records system. So Elder’s IT staff shut that network down. But that meant teachers wouldn’t have access to basic information about the almost 70,000 students enrolled in New Mexico’s largest school district. Educators couldn’t take attendance, wouldn’t know children’s bus routes and were locked out of grading systems.

Meanwhile, IT staff was desperately trying to figure out whether the computer virus had spread to their health records, security system and payroll.

Over the course of the morning, Elder began to understand the enormity of the situation.

“I would say that I went from mildly disturbed at 7 a.m., to very concerned by 9 a.m., to sick to my stomach by noon because I was beginning to realize that this was not a one-day event, that we had a real problem.”

Then came the ransom demand for more than a million dollars.

School systems of every size have been hit by cyberattacks, from urban districts like Los Angeles and Atlanta, to rural districts in Pennsylvania and Illinois. And the problem has been growing.

While it’s hard to know exactly how many K-12 school systems have been targeted by hackers, an analysis by the cyber security firm Emsisoft estimates that 45 school districts were attacked in 2022. In 2023, Emsisoft found that number more than doubled, to 108.

“The education sector has been and continues to be very heavily…

Source…

Hackers are infecting Macs with malware using calendar invites and meeting links — don’t fall for this


Getting an email with a calendar link for a meeting has become commonplace, but you may want to think twice before clicking on one. That’s because hackers have begun using calendar invites and meeting links to infect unsuspecting users with Mac malware.

As reported by Krebs On Security, cybercriminals are now abusing the popular scheduling tool Calendly in their scams. As with other malware campaigns, this one uses social engineering to find potential targets, but instead of draining their bank accounts, it goes after cryptocurrency.

Source…

What Your SSE’s CASBs Don’t Understand



Ten years ago, SaaS data security was not a big concern—since most corporate data was stored in on-prem or homegrown applications. Then, SaaS adoption exploded thanks to improved productivity, lower operational costs and ease of use. Today, SaaS applications are standard across all major verticals and industries worldwide. Every organizational department uses SaaS applications to push business. Moreover, SaaS consumption patterns have evolved over time from internal-only access to collaborative, external access, as well as programmatic, API-based access.

However, early SaaS security solutions called cloud access security brokers (CASB) haven’t evolved alongside the new SaaS era. Initially, CASB solutions offered reverse and forward proxy modes, intended to sit between the end-user’s device and the web to enforce access controls on a network level. While effective in meeting multiple compliance requirement checkboxes and visualizing end-user activity, CASBs in proxy mode don’t understand how SaaS applications work.

Over the years, CASB vendors have introduced secure access service edge (SASE) and zero trust network access (ZTNA) capabilities, eliminating the need for a physical VPN and enabling secure remote access from any network and device. This opened an enormous market for disruption that eventually put SASE at the forefront of leading security vendors.

From there, a new cross-product category emerged to combine ZTNA, CASB and secure web gateway (SWG) into one consolidated offering: security service edge (SSE). Vendors are incentivized to sell as a platform, which makes sense for many reasons (low total cost of ownership, single interface, single support team, single documentation, etc). Yet this bundle still relies on 10-year-old CASB API technology and, again, doesn’t understand how SaaS applications work.

SSE vendors offer a so-called modern CASB in API mode; however, technological gaps in their implementation and architecture pose significant risks in preventing SaaS application data breaches.

SSE vendors had begun to use the SSL proxy capabilities of SWG in front of SaaS applications to decrypt, inspect and…

Source…