July 12, 2024 at 04:02PM AT&T’s breach of a third-party cloud platform, Snowflake, exposed phone numbers and metadata of calls and texts for nearly all AT&T wireless customers and others. The data was accessed between April 14 and 25, 2023. The stolen information, including cell site identification numbers, poses risks to privacy and security, potentially … Read more
July 12, 2024 at 10:17AM AT&T suffered its second cyberattack this year, with data on “nearly all” wireless customers being compromised, including those with MVNOs. The breach on a third-party cloud platform exposed call and text metadata, potentially enabling customer geolocation. Around 110 million customers were affected, and the incident is linked to the Snowflake … Read more
June 17, 2024 at 07:30AM Amazon Web Services (AWS) is making multi-factor authentication (MFA) mandatory for specific users, starting with privileged users in 2024. This change is being gradually implemented, aiming to enhance security against credential-based attacks. Additionally, AWS introduced FIDO2 passkey support, enabling customers to use biometrics or device PINs for MFA across various … Read more
June 10, 2024 at 11:32PM Unknown financially motivated crime crew “UNC5537” has stolen a substantial amount of data from Snowflake customers by using stolen credentials. The crew may have ties to “Scattered Spider” and has targeted multiple organizations by compromising contractor systems. The theft was enabled by the absence of multi-factor authentication and the use … Read more
May 31, 2024 at 01:36PM A threat actor claimed to have breached Santander and Ticketmaster, stealing data from employee accounts at Snowflake, a cloud storage provider, with the intent to extort $20 million. Snowflake refuted the claims, attributing the breaches to poorly secured customer accounts. The company is investigating unauthorized access and advises customers to … Read more