The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders. (The Associated Press)
“This breach notification from AT&T is concerning since the data appears to be from 2019 or earlier and included Social Security numbers, passcodes as well as possibly other sensitive data. While AT&T should be reaching out to customers, this data has been and will be in the wild for some time. A proactive approach to review your credit history along with any accounts that may have shared passcodes is recommended. This is an example of why using Identity monitoring services and reviewing your Credit history at least annually is imperative to protect your identity and financial reputation.” – Brad Schrack, CISSP, Sr. Information Security Analyst at Ingalls Information Security
The US House of Representatives has prohibited its staff members from using Microsoft's AI-driven chatbot, Copilot, according to a report by Axios. The ban was announced by the House's Chief Administrative Officer, Catherine Szpindor, who declared that Microsoft Copilot is "unauthorized for House use." (NewsBytes)
Computer scientists have uncovered a shockingly prevalent misconfiguration in popular enterprise cloud-based email spam filtering services, along with an exploit for taking advantage of it. The findings reveal that organizations are far more open to email-borne cyber threats than they know. (Dark Reading)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. (Help Net Security)
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. (BleepingComputer)
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo. (TechCrunch)
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. (The Hacker News)
SentinelLabs has discovered the emergence of a new embedded wiper variant known as "AcidPour," a piece of malicious software linked to the "AcidRain" threat, which has surfaced in Ukraine. (SentinelLabs)
With the help of Interpol's cybercrime unit, Brazilian authorities recently made headway in combatting the infamous Grandoreiro banking Trojan operation with the arrest of five suspects allegedly associated with the group. (BleepingComputer)