T-Mobile confirms breach, AnnieMac data stolen, NewGlove malware threat


Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.

In today’s cybersecurity news…

T-Mobile confirms telecom breach hack

T-Mobile has now confirmed it was hacked as part of the wave of telecom breaches conducted by Chinese threat actors, as we reported on Friday and earlier. As reported in the Wall Street Journal, the company says “its systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information.” This hack was part of a large-scale attack performed by China-linked threat actors, targeting individuals who are primarily involved in government or political activity. One report suggests the attacks came through “vulnerabilities in Cisco routers responsible for routing internet traffic,” but Cisco has previously stated there were no indications that its equipment was breached during these attacks.

(BleepingComputer)

Customer data stolen from AnnieMac

The American Neighborhood Mortgage Acceptance Company, better known as AnnieMac, has revealed that between August 21 and 23 an unknown intruder “viewed and/or copied” some customer data. This data includes names and Social Security numbers. Representatives from AnnieMac have stated that the company currently has “no evidence” to suggest the data has been abused on the dark web.

(The Register)

New Glove infostealer malware bypasses Chrome’s cookie encryption

Researchers at security firm Gen Digital have identified a new stealer malware that can “bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies.” The researchers call this malware “relatively simple and contains minimal obfuscation or protection mechanisms,” which suggests it is likely in an early stage of development. The new Glove infostealer uses a common social engineering technique in which “potential victims get tricked into installing malware using fake error windows displayed within HTML files attached to the phishing emails.”

(BleepingComputer)

NSO Group continued to exploit WhatsApp even after lawsuit

A recent court filing from the Northern District of California, Oakland Division, shows that Israel-based NSO Group developed additional malware to use WhatsApp to infect victims even after WhatsApp had sued the leading spyware vendor over allegations that it violated federal and state anti-hacking laws. After detecting NSO Group’s malicious messages in May 2019, WhatsApp, owned by Meta, made changes to disable the exploit, but NSO Group “then developed a new malware vector […] that continued using WhatsApp as an installation vector through at least May 2020.” The filing also suggests that NSO Group continued to operate its spyware, contradicting past claims from the Israeli firm that its customers chose how to use it.

(Cyberscoop)

Huge thanks to our sponsor, ThreatLocker

New Windows zero-day activated by mouse clicks

This is a medium-severity flaw, tracked under a CVE number, which Microsoft recently patched. According to researchers at ClearSky, “it can be exploited with minimal interaction from the user, such as deleting a file or right-clicking on it.” It affects the MSHTML engine, which is used through the WebBrowser control by Edge in Internet Explorer mode, and allows threat actors to authenticate as the targeted user by performing pass-the-hash attacks. An advisory from Microsoft published November 12 states that “minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability.”

(Security Week)

Turkey fines Twitch for data breach

This comes from Turkey’s Personal Data Protection Board (KVKK), which launched an investigation after a 125 GB data leak. The Board found that Twitch had “failed to take adequate security measures beforehand, addressing the issue only afterward. It also said risk and threat assessments had been insufficient.” The breach in question affected over 35,000 individuals in Turkey. KVKK imposed a 1.75 million lira fine for inadequate security and 250,000 lira for failing to report the breach, which converts to about $58,000 USD. Twitch, owned by Amazon, has not yet issued any comment.

(Reuters)

DEEPDATA steals VPN credentials through unpatched Fortinet flaw, reveals significant persistence

This malware comes courtesy of a threat actor known as BrazenBamboo who, according to a report from Volexity posted on Friday, is exploiting an unresolved security flaw in Fortinet’s FortiClient for Windows. The goal is to extract VPN credentials. The malware was actually discovered earlier last week by BlackBerry, which “detailed the Windows-based surveillance framework as used by the China-linked threat actor to harvest data from a range of chat apps including WhatsApp, Telegram, Signal, WeChat, Skype, and Microsoft Outlook.” The BlackBerry threat researchers added in their report, “since their initial development of the LightSpy spyware implant in 2022, this attacker has been persistently and methodically working on the strategic targeting of communication platforms, with the emphasis on stealth and persistent access.”

(The Hacker News)

Google offers predictions on biggest security threats facing businesses in 2025

This is the time of year when everyone in the cybersecurity business offers their predictions for the new year. Google is early out of the gate with its Cybersecurity Forecast 2025. On its naughty list this year, in brief, are: the use of AI for phishing, vishing, social engineering, and deepfakes for identity theft, fraud, and bypassing security measures; AI for information operations, meaning the creation of persuasive content for nefarious purposes; increased activity from the Big Four of Russia, China, Iran, and North Korea; ransomware and multifaceted extortion as the most disruptive form of cybercrime; more infostealer malware; lower barriers to entry for less-skilled actors; compromised identities; and decreased time to exploit vulnerabilities. A link to the report is available in the show notes to this episode.

(TechRadar and Google)
