Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

May 13, 2024 at 06:22AM Cybersecurity researchers disclosed critical security flaws in Cinterion cellular modems that threat actors could exploit to access sensitive information and execute code. The flaws, including heap overflow, privilege escalation, and exposure of sensitive information, were presented at OffensiveCon. Recommendations to mitigate threats include disabling non-essential SMS messaging and conducting …

AT&T Says Data on 73 Million Customers Leaked on Dark Web

March 30, 2024 at 11:06PM AT&T disclosed that data pertaining to about 73 million current and former customers, including social security numbers, was revealed on the dark web. The telecom firm suspects the data dates back to 2019 or earlier, affecting around 7.6 million current account holders and 65.4 million former account holders. AT&T assured …

ChatGPT side-channel attack has easy fix: token obfuscation

March 17, 2024 at 10:37PM Recently, a new AI side-channel vulnerability was discovered, allowing attackers to intercept tokens from non-Google ChatGPT derivatives during chat sessions. Researchers at Ben Gurion University successfully reconstructed AI responses and inferred topics. Cloudflare addressed the issue by padding its tokens and deploying the fix to its products. Additionally, an infostealer …

230k Individuals Impacted by Data Breach at Australian Telco Tangerine

February 23, 2024 at 07:33AM Telecommunications provider Tangerine revealed a recent cyberattack where the personal information of 230,000 individuals was stolen from a legacy customer database. The compromised data includes names, addresses, dates of birth, and contact details, but not credit card or banking information. The company is taking steps to prevent similar incidents and …

China’s Volt Typhoon spies broke into emergency network of ‘large’ US city

February 14, 2024 at 04:05PM The Chinese government’s Volt Typhoon spy team has compromised a US city’s emergency services network and is targeting American telecom providers alongside ongoing reconnaissance of electric companies. Dragos CEO Robert Lee expressed concern over the strategic nature of the targets. The espionage extends to African electric providers, and the spies have …

Nokia walks the walk about its RAN to play on Uncle Sam’s China fears

January 16, 2024 at 10:01PM Nokia has launched a dedicated business unit for government sales in the USA, reflecting Washington’s concerns about national infrastructure security. The move comes amid US efforts to remove Chinese-made equipment from its networks due to security worries. Nokia is tailoring its portfolio and sales team to meet federal government needs, …

Ukraine’s largest mobile carrier Kyivstar down following cyberattack

December 12, 2023 at 10:47AM Ukraine’s largest telecom provider, Kyivstar, suffered a cyberattack impacting over 25 million subscribers, causing mobile and internet service disruption. The company attributed the attack to hackers and has involved law enforcement. There is speculation of Russian involvement amid the ongoing conflict. Subscribers can access Vodafone Ukraine’s roaming services, and utilize internal roaming during …

Chilean telecom giant GTD hit by the Rorschach ransomware gang

October 25, 2023 at 06:07PM Chile’s telecommunications company, Grupo GTD, experienced a cyberattack on its Infrastructure as a Service (IaaS) platform, resulting in disruptions to services, including data centers, internet access, and Voice-over-IP (VoIP). The attack involved the Rorschach ransomware variant, which utilizes DLL sideloading vulnerabilities in legitimate executables to inject a ransomware payload and …

Chinese ‘Stayin’ Alive’ Attacks Dance onto Targets With Dumb Malware

October 11, 2023 at 05:23PM Chinese APT group “ToddyCat” is using simple but constantly evolving custom backdoors and loaders to target telecommunications organizations in Central and Southeast Asia. The group, previously linked to Chinese espionage operations, uses spear phishing emails with archive files to exploit a DLL sideloading vulnerability. While the malware used by ToddyCat …