#DataProtection

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

by

November 19, 2024 at 02:57AM T-Mobile has confirmed it was targeted by Chinese threat actors, known as Salt Typhoon, during a prolonged cyber espionage campaign. Although no significant impact on T-Mobile’s data has been reported, the situation highlights broader vulnerabilities in U.S. telecoms, including potential theft of sensitive communications. Investigations continue. ### Meeting Takeaways 1. … Read more

Brave on iOS adds new “Shred” button to wipe site-specific data

by

November 18, 2024 at 05:48PM Brave Browser 1.71 for iOS introduces “Shred,” a privacy feature enabling users to delete site-specific browsing data without affecting others. It deletes cookies, local storage, and caches either manually or automatically. While it enhances user privacy, some data may persist due to Apple restrictions. Android and desktop versions are forthcoming. … Read more

T-Mobile US ‘monitoring’ China’s ‘industry-wide attack’ amid fresh security breach fears

by

November 18, 2024 at 03:48PM T-Mobile US is monitoring an industry-wide cyber-espionage campaign believed to be conducted by Chinese government-backed hackers. Though the company has not confirmed being compromised, it stated there were no significant impacts or evidence of data theft. The FBI recently reported similar breaches across multiple telecoms. **Meeting Takeaways:** 1. **Cyber-Espionage Campaign … Read more

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

by

November 18, 2024 at 12:14PM Fake Bitwarden ads on Facebook promote a malicious Chrome extension that steals user data. This phishing campaign, identified by Bitdefender Labs, uses deceptive tactics to mimic the Chrome Web Store. Users are advised to ignore update prompts and only install extensions from trusted sources to avoid risks. ### Meeting Takeaways: … Read more

Palo Alto Networks Releases IoCs for New Firewall Zero-Day

by

November 18, 2024 at 08:19AM The CISO Forum Virtual Summit sessions are now available for instant viewing. SecurityWeek offers extensive resources on various cybersecurity topics, including malware, ransomware, incident response, and risk management. Subscribe to their Daily Briefing Newsletter for the latest news and expert insights. Unsubscribe anytime. ### Meeting Takeaways: 1. **CISO Forum Virtual … Read more

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

by

November 18, 2024 at 07:19AM DeepData malware, developed by the China-linked APT41 (BrazenBamboo), exploits a zero-day vulnerability in Fortinet’s Windows VPN to steal credentials. It uses plugins for data surveillance and has similarities with the LightSpy malware. Volexity reports its capabilities and infrastructure, revealing significant operational resources behind these attacks. **Meeting Takeaways:** 1. **DeepData Malware … Read more

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)

by

November 18, 2024 at 07:03AM Cybercriminals are increasingly exploiting vulnerabilities and human trust, affecting everyone and every organization. Recent threats include a zero-day flaw in Palo Alto firewall, hijacked domains, and phishing job offers targeting LinkedIn users. To defend against attacks, regular system updates and cybersecurity awareness are essential. ### Meeting Takeaways – Cybersecurity / … Read more

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

by

November 18, 2024 at 06:03AM A phishing campaign, attributed to a Chinese group named SilkSpecter, targets e-commerce shoppers in Europe and the U.S. ahead of Black Friday. Using fake sites mimicking brands, it aims to steal personal information and financial data through bogus discounts and SEO strategies. Victims may also face follow-up attacks. **Meeting Takeaways: … Read more

T-Mobile Also Targeted in Chinese Telecom Hacking Campaign

by

November 18, 2024 at 04:32AM T-Mobile has been a target of the Chinese group Salt Typhoon in a significant espionage campaign aimed at U.S. telecom companies. This incident highlights ongoing cybersecurity threats in the telecommunications sector. **Meeting Takeaways:** 1. **Targeted Company:** T-Mobile. 2. **Threat Actor:** Chinese group named Salt Typhoon. 3. **Nature of Incident:** Major … Read more

Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

by

November 17, 2024 at 07:42PM A teenager, Alan Filion, pleaded guilty to making over 375 fake threats, known as “swatting.” Facing up to 20 years in prison, he conducted these calls targeting institutions and individuals to extort money. Meanwhile, cybersecurity updates reveal ongoing vulnerabilities in Metabase and D-Link devices, alongside rising online scams tracked by … Read more