Ooreofeoluwa Koyejo says
AT&T Says Data on 73 Million Customers Leaked on Dark Web
https://www.securityweek.com/att-says-data-on-73-million-customers-leaked-on-dark-web/
AT&T said that data on roughly 73 million current and former customers was exposed on the dark web, including social security numbers and other personal information.
“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable.
The company says the incident has not had a material impact on its operations.
Late last month the telco experienced an outage that knocked out cellphone service for many of its customers across the US, but the company said the outage was not caused by a cyberattack.
Eyup Aslanbay says
A critical backdoor vulnerability (CVE-2024-3094) was found in XZ Utils versions 5.6.0 and 5.6.1, affecting several Linux distributions, including Fedora 41 and Fedora Rawhide, openSUSE, and Kali Linux, but not Red Hat Enterprise Linux (RHEL), stable Debian versions, or Ubuntu. Users are advised to check their system’s XZ Utils version using ‘xz --version’ and, if affected, either update the utility, downgrade to XZ Utils 5.4.6, or disable SSH. macOS users can downgrade by running ‘brew upgrade’. A free scanning tool by Binarly is also available to detect the backdoor.
https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils
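The version check described in the comment above, as an added example that is not part of the original comment or the linked article. The function name `classify_xz` and the sample outputs are constructed for illustration; the function reads both the `xz` line and the `liblzma` line printed by `xz --version`, since the two can differ on a partially updated system.

```shell
#!/bin/sh
# Classify `xz --version` output against the releases named in CVE-2024-3094.
# Prints one of: affected | not-affected | unknown
# classify_xz is a hypothetical helper name, not part of XZ Utils.

classify_xz() {
    # $1: full text printed by `xz --version` (xz line and liblzma line)
    versions=$(printf '%s\n' "$1" |
        sed -n -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' \
               -e 's/^liblzma \([0-9][0-9.]*\).*/\1/p')
    if [ -z "$versions" ]; then
        echo unknown            # output not recognised; inspect manually
        return 0
    fi
    for v in $versions; do
        case "$v" in
            5.6.0|5.6.1) echo affected; return 0 ;;
        esac
    done
    echo not-affected
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'

# Check the local host only if xz is installed.
if command -v xz >/dev/null 2>&1; then
    echo "local xz: $(classify_xz "$(xz --version 2>/dev/null)")"
fi
```

A result of `affected` means the host should be updated or downgraded to 5.4.6 as the comment describes; `unknown` means the output did not match the expected format and needs a manual look.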
Jon Stillwagon says
https://www.securityweek.com/heartbleed-is-10-years-old-farewell-heartbleed-hello-quantumbleed/
Heartbleed turns 10 years old on April 1st, and Quantum Bleed is a future problem that many companies will face if they aren’t prepared to handle it. Quantum Bleed is basically Heartbleed, but it has longer-term effects, and Google is already taking precautions by reducing the lifespan of their certificates to 398 days but will reduce it even further to 90 days in the future. It is also said that certificates might need to be reduced even further than 90 days to reduce the effects of Quantum Bleed. Not all companies have made the migration to changing their cryptographic infrastructure and their software updates as well as software signatures. Quantum Bleed is more of a mid-term to long-term effect, and NIST is already working on a draft of post-quantum cryptography standards.
Bo Wang says
https://www.infosecurity-magazine.com/news/atandt-confirms-73m-customer-data/
AT&T has confirmed the authenticity of a dataset containing details of 73 million current and former customers, which surfaced on a dark web marketplace around March 17. The dataset includes information dating back to 2019 or earlier, affecting approximately 7.6 million current account holders and 65.4 million past customers. While AT&T has acknowledged the alignment of specific data fields with its records, it remains uncertain whether the data originated from AT&T or one of its vendors. An investigation is ongoing, and the source of personal information, such as social security numbers, is still being evaluated. AT&T has not found evidence of unauthorized access to its systems leading to the removal of the dataset but is engaging with affected individuals and offering credit monitoring services where appropriate. Current and former customers are advised to update their login credentials, monitor their credit, and practice sound cyber hygiene.
Yannick Rugamba says
https://www.darkreading.com/cyberattacks-data-breaches/attackers-use-google-ad-feature-to-target-slack-notion-users
Attackers are exploiting a Google Ad feature to distribute malware, particularly targeting users of workplace collaboration tools like Slack and Notion. AhnLab Security Intelligence Center discovered that the campaign utilizes Google Ads’ ad-tracking feature to embed URLs leading to malware downloads, notably the Rhadamanthys stealer. This malware masquerades as legitimate installers for widely-used groupware, tricking users into downloading and executing malicious files. Once executed, Rhadamanthys aims to exfiltrate private data from users’ systems, including browser history, cookies, and login credentials, by embedding itself into legitimate Windows files. This campaign highlights the need for vigilance when clicking on ad-delivered URLs and underscores the broader risks associated with malware distribution through ad platforms.
Celinemary Turner says
Boat Dealer MarineMax Confirms Data Breach
https://www.securityweek.com/boat-dealer-marinemax-confirms-data-breach/
MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files.
According to reports, the data breach at MarineMax was caused by a ransomware attack. In this case, the Rhysida ransomware group claimed responsibility for the attack, indicating that they gained unauthorized access to MarineMax’s systems, encrypted the data, and stole sensitive information. The breach resulted in the theft of employee and customer data,
However, the details of how the Rhysida ransomware group gained unauthorized access to MarineMax’s systems are private. However, standard methods used by ransomware groups to gain access include phishing attacks, vulnerabilities, weak passwords, and misconfigured systems.
To prevent these types of attacks, organizations must be vigilant and implement robust security measures, such as employee training, patch management, strong password policies, and network segmentation.
Edge Kroll says
https://www.securityweek.com/36000-impacted-by-prudential-financial-data-breach/
Prudential Financial recently notified over 36,000 individuals of a data breach that occurred in early February 2024, with personal information compromised. The breach, attributed to the Alphv/BlackCat ransomware group, involved unauthorized access to company systems containing administrative data. While no identity theft or fraud has been reported, Prudential has initiated measures such as offering two years of complimentary credit monitoring and enhancing security protocols to prevent future breaches.