Telecom Giant AT&T says Personal Data from 73M Accounts has been Leaked onto the Dark Web
AT&T is investigating how tens of millions of former and current customers had their personal information leaked on the dark web earlier this month.
In addition to the 7.6 million current AT&T customers affected, the telecom giant said in an announcement Saturday about 65.4 million former customers “had some data released” within the data set, which “appears to be from 2019 or earlier.”
Leaked onto the dark web two weeks ago, the data set had personal information including Social Security numbers and data from “AT&T data-specific fields.” The “compromised data” does not contain personal financial information or call history, AT&T said.
The company is investigating the incident but said “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”
AT&T said it has contacted all 7.6 million current customers who were impacted and reset their passcodes after it learned “that a number of AT&T passcodes have been compromised,” according to its note to customers.
The company will contact all current and past customers whose “sensitive personal information” was compromised and has launched “a robust investigation supported by internal and external cybersecurity experts.”
Additionally, AT&T encouraged “customers to remain vigilant by monitoring account activity and credit reports” and included links to credit bureaus in its note to customers.
Read: https://www.usatoday.com/story/tech/2024/03/30/att-data-breach-leak-dark-web/73156048007/
Exposed: Jeffrey Epstein’s Island Visitors Tracked and Revealed
This WIRED article investigates visitors to convicted sex offender Jeffrey Epstein’s island. Near Intelligence, a company linked to the defense industry, tracked nearly 200 mobile devices visiting the island. The tracking occurred before Epstein’s death, and included where these visitors came from and where they went. Despite Epstein’s crimes, wealthy and influential people seemed undaunted in their habitual visits to “Epstein Island” (there are other names for it, but they would probably trip your spam filters).
“The data pinpointed exact routes taken to the island, including movements within the property.”
“Near Intelligence meticulously collected and analyzed this data, providing detailed information about how visitors traveled to and around the island. This surveillance persisted until Epstein’s final arrest in 2019. The data not only documented visits to the island but also revealed travel patterns across the United States and other countries. The extensive nature of this tracking raises concerns about privacy and safety, particularly for Epstein’s victims.”
Facing financial difficulties and criticism, Near Intelligence rebranded itself as Azira. The article underscores the ongoing challenges in regulating the sale of location data and protecting individual privacy in an increasingly interconnected world.
Read: https://www.wired.com/story/jeffrey-epstein-island-visitors-data-broker-leak/
Israel’s Action Against Al Jazeera Sparks Free Speech Debate
On April 1, 2024, Israel’s Prime Minister Benjamin Netanyahu said Al Jazeera had to stop broadcasting in Israel because of security worries. This came after a new law gave top ministers power to shut down foreign news agencies if they thought they were a threat. Netanyahu moved quickly, upon the law being approved, saying, “Al Jazeera will no longer broadcast from Israel.”
Netanyahu has been upset with Al Jazeera’s reporting for some time. The law passed with a large majority in the Knesset and enabled the Prime Minister and Communications Minister to close foreign news networks and confiscate their equipment.
The White House criticized the move, calling it “worrying”. Al Jazeera has refuted all claims and alleges it is being targeted for its criticism of Israel’s actions in Gaza.
Read: https://reclaimthenet.org/israel-passes-law-giving-itself-power-to-temporarily-shut-down-al-jazeera
Lawsuit Reveals Facebook Streaming Business Shutdown Linked to Netflix’s Ad Spending, Allowing Access to User DMs
During April of the previous year, Meta revealed its decision to halt the support for original shows on the Facebook Watch platform, including popular programs like Jada Pinkett Smith’s Red Table Talk. This move effectively spelled the end of Meta’s streaming business, which was once seen as a contender to YouTube and Netflix. As a result, Facebook ceased the production of original series, and the Facebook Watch app is no longer available for video streaming. The downfall of Meta’s streaming enterprise appears to be linked to cost-cutting measures, which also entailed significant workforce reductions.
According to Gizmodo’s findings, a letter was submitted on April 14 as part of a class-action antitrust lawsuit filed by Meta customers. The lawsuit accuses Meta of engaging in anti-competitive practices that negatively impact social media competition and consumers. The recently disclosed letter urges the court to compel Reed Hastings, the founder and former CEO of Netflix, to provide a response to a subpoena for documents that the plaintiffs assert are pertinent to the case.
In December, Meta announced the implementation of end-to-end encryption for all personal chats and calls on Messenger and Facebook. Back in 2018, Facebook stated to Vox that it does not utilize private messages for ad targeting. However, a few months later, The New York Times, citing extensive Facebook documents, reported that Facebook granted Netflix and Spotify access to read private messages of Facebook users. Facebook has denied allegations of permitting third-party companies to view private messages of its users.
Read: https://arstechnica.com/gadgets/2024/03/netflix-ad-spend-led-to-facebook-dm-access-end-of-facebook-streaming-biz-lawsuit/
Google settles “Incognito” lawsuit
As reported in an earlier edition, Google was sued when plaintiffs discovered that the browser’s “incognito mode” wasn’t so incognito after all. The company was retaining browsing and other data that violated end user privacy.
Google has now settled that lawsuit and has committed to deleting the data (that they shouldn’t have been collecting in the first place).
Pro tip: The Brave browser, which is a fork of the same Chromium codebase, has a privacy mode that uses BitTorrent – which I’ve been experimenting with lately and find to be pretty usable, compared to some slower Tor browsers of yore.
Read: https://www.zerohedge.com/technology/google-settles-incognito-suit-commits-wiping-user-browsing-data
Playing the Long Game: ‘xz utils’ Software Backdoor Uncovered After Years-Long Infiltration Operation
A widely used Linux file compression software package called “xz utils” has been discovered to have a cleverly embedded system for backdooring ssh login connections.
It is currently unclear how far-reaching this dangerous package supply chain attack goes. It has succeeded in getting into countless internet-enabled devices. The persona who injected the backdoor (a contributor on the xz utils repository) seems to have been playing the long game, gaining the confidence of the legitimate main developer to receive the authorization to release new versions themselves.
Andres Freund, a Microsoft developer, reported the presence of a backdoor in upstream xz/liblzma on the industry oss-security mailing list. Freund specifically mentioned that the issue with the xz libraries was in the 5.6.0 and 5.6.1 versions, urging users to immediately stop using those versions and to downgrade to xz-5.4.x.
Freund discovered the issue when he noticed a 500 millisecond delay in his ssh logins and began to investigate.
The vulnerability in the XZ format compression utilities, which are included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. However, they note “Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by Linux distributions, and where they have, mostly in pre-release versions.”
“The author intentionally obfuscated the backdoor in distribution tarballs, intended for Linux distributions to use for building their packages. When the xz build system is instructed to create an RPM or DEB for the x86-64 architecture using gcc and gnu linker, the backdoor is included in the liblzma as part of the build process. This backdoor is then shipped as part of the binary within the RPM or DEB.”
Other distributions are also likely affected by this if bleeding-edge versions are used. SUSE has published a downgrade procedure for those running openSUSE. Debian says that stable versions are unaffected, but those using the testing, unstable, and experimental distributions may be affected.
This was a close one folks. Could have been much worse.
Read: https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
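For readers who want to triage their own machines against the two releases named above, here is a small added example (not from the original report or from the xz project). It classifies a version string as reported by `xz --version` or by a package manager; the function names and the sample strings are constructed for illustration, and the handling of Debian-style `+really` rollback versions is an assumption about how a reverted package may be labelled.

```shell
#!/bin/sh
# Added example: flag xz/liblzma version strings matching the releases
# named in the report (5.6.0 and 5.6.1). A match is a triage signal only:
# per the report, the backdoor is built in only for RPM/DEB builds on
# x86-64 with gcc and the GNU linker.

# Print the effective upstream version contained in a version string.
xz_upstream_version() {
    v=$1
    # Debian-style rollback: "5.6.1+really5.4.5-1" actually ships 5.4.5.
    case $v in
        *+really*) v=${v#*+really} ;;
    esac
    # Drop a package epoch such as "1:" if present.
    v=${v#*:}
    # Skip any leading text ("xz (XZ Utils) ") and keep digits and dots only.
    printf '%s\n' "$v" | sed -E 's/^[^0-9]*([0-9]+(\.[0-9]+)*).*/\1/'
}

# Print "affected" for the two named releases, "not-listed" otherwise.
xz_status() {
    case $(xz_upstream_version "$1") in
        5.6.0|5.6.1) echo affected ;;
        *)           echo not-listed ;;
    esac
}

# Constructed sample strings, one per line.
samples='xz (XZ Utils) 5.6.1
liblzma 5.4.6
5.6.0-0.2
5.6.1+really5.4.5-1'

printf '%s\n' "$samples" | while IFS= read -r s; do
    printf '%-24s %s\n' "$s" "$(xz_status "$s")"
done

# Check the locally installed xz, if there is one.
if command -v xz >/dev/null 2>&1; then
    local_ver=$(xz --version | head -n 1)
    printf '%-24s %s\n' "$local_ver" "$(xz_status "$local_ver")"
fi
```

A naive substring match on “5.6.1” would wrongly flag the rolled-back package in the last sample, which is why the function resolves the effective upstream version first.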
Elsewhere Online:
DinodasRAT Malware Exploits Linux Servers in Espionage Campaign
Read: https://www.bleepingcomputer.com/news/security/dinodasrat-malware-targets-linux-servers-in-espionage-campaign/
Mobile Security Platform Zimperium Includes McAfee Impersonating Trojan Vultur in Top 10 Most Active Banking Trojans for 2023
Read: https://www.bleepingcomputer.com/news/security/vultur-banking-malware-for-android-poses-as-mcafee-security-app/
Unconventional Malware Conceals China-Linked Threat Actor’s Activities
Read: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Google Ads Used by Hackers to Distribute Malware Targeting Slack and Notion Users
Read: https://www.darkreading.com/cyberattacks-data-breaches/attackers-use-google-ad-feature-to-target-slack-notion-users
New Google Chrome Device Bound Session Credentials (DBSC) Aim to Minimize Cookie Theft
Read: https://www.securityweek.com/chrome-to-fight-cookie-theft-with-device-bound-session-credentials/
Previously on #AxisOfEasy
Les Brown