Trend Micro reported an insider stolen around 100,000 customer accounts details, with the data used by cyber con artists to make convincing scam phone calls impersonating their company to a number of their customers. In a statement, Trend Micro said it determined the attack was an inside job, an employee used fraudulent methods to access its customer support databases, retrieved the data and then sold it on. “Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said. The employee behind it was identified and fired, Trend Micro said it is working with law enforcement in an on-going investigation.
Security researchers found 4 billion records from 1.2 billion people on an unsecured Elasticsearch server. The personal information includes names, home and mobile phone numbers and email addresses and what may be information scraped from LinkedIn, Facebook and other social media sources.
T-Mobile reported a data breach of some their prepaid account customers. A T-Mobile spokesman said “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities”.
A French hospital was hit hard by a ransomware attack which has caused "very long delays in care". According to a spokesman, medical staff at Rouen University Hospital Centre (CHU) abandon PCs as ransomware had made them unusable, instead, staff returned to the "old-fashioned method of paper and pencil". No details about the strain of the ransomware have been released.
Microsoft released patches for 74 vulnerabilities in November, including 13 which are rated as critical. One of which was for a vulnerability with Internet Explorer (CVE-2019-1429), an ActiveX vulnerability known to be actively exploited by visiting malicious websites.
- Tips for Brits to stay Secure on Black Friday
- The Challenges of UK Cyber Security Standards
- How Much is Your Data Worth on the Dark Web?
- GTP Security: Securing 5G Networks with a GTP Firewall
- A UK Small Business is hacked every 19 seconds
- Combating the Accidental Insider Data Leakage Threat
- Broken Security? Most Business Leaders aren't confident about their Cybersecurity
- For Caught in the Crossfire of Cyberwarfare
- Labour Party DDoS Cyber Attacks
- Cyber Security Businesses: Solving Challenges Through New Technologies
- Five Emails you don’t want in your Inbox
- Why Cybersecurity Breach Survivors are Valued Assets
- Researchers find security flaws in ‘Amazon’s Ring Video Doorbell Pro’ IoT device
- Eliminating the Social Media Cyber Security Blind Spot
- Microsoft Ignite Cyber Security Takeaways
- Cyber Security Roundup for October 2019
- Phishing Attacks remains a popular Money-Spinner for Cyber Criminals
- Thousands of Disney Plus Accounts were Hacked and sold online for as little as £2.30 each
- Labour Party Hit by Two DDoS Attacks
- Recently Breached Capital One reassigns its CISO
- Trend Micro hit with Insider Attack
- Rouen Hospital turns to Pen and Paper after Cyber-Attack
- Data Breach Compromises T-Mobile Prepaid Accounts
- Unsecured Server Exposes 4 Billion Records of 1.2 Billion People
- Leaky Gekko Group Database Exposes Info on Hotel Brands, Travelers
- Microsoft Patches 74 Vulnerabilities, including 13 Critical for Windows, Exchange, Internet Explorer and Mac Office
- VMware Patches Five Security Vulnerabilities
- Intel Platform Update: 77 Vulnerabilities Patched, 2 Critical
- Adobe November Patch Tuesday
- Google Camera App Flaw endangered Millions of Devices
- Design Flaw leaves Bluetooth Devices Vulnerable
- Dexphot Malware uses Fileless Techniques to install Cryptominer
- ACBbackdoor Trojan Designed to hit Linux and Windows systems
- Attackers attempt large-scale BlueKeep exploit to Spread Cryptominer
- Chinese APT group Calypso Hacked state
- APT33 using small, elusive Botnets against Global Targets
- US Feds warn against Hidden Cobra’s Hoplight Malware
- Fin7 behind DiBella’s Data Breach affecting 305,000 cards
- New NextCry Ransomware targets NextCloud Sync and Share Solution
- Adversary Harbouring DopplePaymer Ransomware Targets Industrial Sector
- Report: Genuine HR emails trigger suspicions after accidentally using common Phishing Tricks
Wireless network operator T-Mobile revealed that a security incident might have exposed the personal information of some of its customers. In a statement posted on its website, T-Mobile said that its security teams had discovered an instance of “malicious, unauthorized access” to some of its prepaid wireless account holders’ information. The notice clarified that the […]… Read More
The post T-Mobile Says Security Incident Might Have Affected Some Customer Data appeared first on The State of Security.
Bad news for T-Mobile prepaid customer, the US-based telecom giant T-Mobile today disclosed a new data breach incident.
The US branch of the
“We want to let you know about an incident that we recently identified and quickly corrected that impacted some of your personal information.” reads the data breach notice published by the company.
Our Cybersecurity team discovered and shut down malicious, unauthorized access to
Exposed data includes name and billing address, phone number, account number, rate plan and features, like whether a customer has added an international calling feature.
“Rate plan and features of your voice calling service are ‘customer proprietary network information’ (‘CPNI’) under FCC rules, which require we provide you notice of this incident,” continues T-Mobile.
No financial information, social security numbers, and passwords were accessed by the attackers.
At the time of writing the company did not reveal details of the intrusion or the extent of the incident.
T-Mobile confirmed to have taken the necessary steps to lock out the attackers and immediately notified law enforcement of the security breach.
The company is notifying only affected customers through email, users can contact Customer Care to receive support and information on the incident.
The company is urging affected customers to update the PIN/passcode to access their accounts, let me suggest to not affected users to do the same.
Customers should remain vigilant on possible phishing messages that can use stolen data to trick victims into revealing sensitive data, passwords and financial information such as credit card information.
Another suggestion for T-Mobile customers is to monitor their bank and payment card statements for any suspicious activity and report to the bank if they find any.
In August 2018, T-Mobile announced it has suffered a security breach that exposed the personal information of up to 2 million T-mobile customers.
(SecurityAffairs – data breach, T-Mobile)
The post T-Mobile discloses data breach affecting prepaid wireless customers appeared first on Security Affairs.