Only days after the T-Mobile data breach, the same threat actor is selling 70 million AT&T users’ records. The mobile service provider denied the data leak claim, saying the data didn’t come from any of their systems.
Source: https://QUE.com website.
ShinyHunters, the same group of threat actors that posted T-Mobile users’ data for sale just days ago, is now selling 70 million records that allegedly belong to another mobile service provider – AT&T. The sample of data for sale includes AT&T users’ full names, social security numbers, email addresses, and dates of birth.
ShinyHunters is selling the database for a starting price of $200,000.
Continue reading: https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/
The Taliban may have seized biometric data that can ID US allies in Afghanistan
The US military created a vast database of biometric data — one report suggests it had a goal of 25 million entries — as part of its effort to track terrorists in Afghanistan. Now that the US has withdrawn from the country, reports from The Intercept and Reuters suggest the Taliban could potentially use it to target allies left behind.
continue reading: https://www.theverge.com/2021/8/18/22630686/biometric-data-afghanistan-taliban-hiide-civilians
Microsoft Exchange Under Attack With ProxyShell Flaws
The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems.
Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker’s May Patch Tuesday updates.
continue reading: https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
Source image from Huntress.com website.
U.S. State Department Was Recently Hit by a Cyber Attack
The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command is notifying impacted individuals, White House Correspondent and fill-in anchor at Fox News Jacqui Heinrich revealed.
It is unclear when the security breach was discovered, but analysts believe it took place a couple of weeks ago.
continue reading: https://securityaffairs.co/wordpress/121354/hacking/us-state-department-hit-cyber-attack.html
CISA Shares Guidance on How to Prevent Ransomware Data Breaches
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.
CISA’s fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts.
Continue reading: https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-on-how-to-prevent-ransomware-data-breaches/
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans.
That’s according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry.
continue reading: https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html
New Evidence Shows Strong Connection Between Diavol Ransomware and TrickBot Gang
Back in July, cybersecurity specialists at Fortinet announced the emergence of a new ransomware group allegedly developed by the creators of the advanced Trojan TrickBot.
The new ransomware family is called Diavol and it is believed to have connections to the Wizard Spider threat actor as the researchers discovered a few similarities in the operation mode employed by the malware.
Wizard Spider is a Russia-based cybercrime group that uses Trickbot, Ryuk, and Conti ransomware as their primary tools. According to the Fortinet researchers, both Diavol and Conti ransomware gangs used the same command-line parameters for different functions such as logging, encryption, and network scanning.
Continue reaing: https://heimdalsecurity.com/blog/new-evidence-shows-strong-connection-between-diavol-ransomware-and-trickbot-gang/
Read more CyberSecurity related news at https://QUE.com/tag/cybersecurity
Thank you for reading and stay safe.
@yehey