T-Mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. senate
Subscribe to Cyber Security Headlines podcast
Spotify, Apple Podcasts , RSS link , add as an Alexa Skill , or search "Cyber Security Headlines" on your favorite podcast app.
In today’s cybersecurity news…
T-Mobile data breaches cost company $31.5 million
In a settlement with the Federal Communications Commission (FCC), T-Mobile has agreed to pay a total of $31.5 million following a series of data breaches over the last few years. The settlement includes $15.75 million in civil fines and and the other half of the money is to be spent on bolstering the companies cybersecurity measures, including adopting zero trust architectures and multi-factor authentication. The breaches which started in 2021, involving millions of current, former, and prospective customers, exposed personal details like Social Security numbers, driver’s license numbers, and other personal information.???
Iranian hackers charged for targeting 2024 U.S. election
The U.S. has charged three Iranian hackers from the Islamic Revolutionary Guard Corps (IRGC) for targeting the 2024 presidential election through cyberattacks aimed at multiple political campaigns, including former President Donald Trumps, and Vice President Kamala Harris. The hackers attempted to influence the election in opposition to Trump’s re-election, which is unlike Russia’s campaigns which typically favor the Trump campaign. The charges include identity theft and unauthorized access to computers, with spear-phishing and social engineering. Along with charges, the U.S. government has placed sanctions and offered a $10 million reward for information leading to the hackers’ capture.
Deepfake scam hits U.S. senate
U.S. Senator Ben Cardin says he was the victim of an elaborate deepfake operation that impersonated a former Ukrainian Foreign Minister. The operation, which nearly duped the high-ranking government official, involved a fake Zoom call with what appeared to be a live audio-video connection, which seemed normal based on previous conversations the senator’s office had had with this Ukrainian official. It wasn’t until the imposter started asking specific questions such as demanding an answer on the senator’s stance on long-range missiles into Russian territory that Cardin’s staff ended the call. At which point staff confirmed the call was indeed fake. There is currently an open investigation into the situation.
Patelco Credit Union breach worse than first reported?
This shouldn’t come as a total surprise, as is often the case with data breaches, but the initial number of over 700,000 impacted by a ransomware attack on Patelco Credit Union this summer has now risen to over 1 million. While the credit union has not confirmed who was responsible, the RansomHub ransomware gang has claimed credit for the attack, which initially forced the company to take its online banking services, mobile app, and call center offline. The stolen data included common PII such as names, driver’s license numbers, and Social Security numbers.
领英推荐
(Security Week) ???
Huge thanks to our sponsor, SpyCloud
North Korean hackers breach German missile manufacturer
North Korean hackers linked to the Kimsuky APT group successfully targeted Diehl Defence, a German missile manufacturer, by using spear-phishing emails with fake job offers. The attack involved booby-trapped PDF files and advanced social engineering tactics designed to steal login credentials. The breach marks major concerns due to the sensitive nature of the manufacturer’s work on air defense systems, including a recent contract with South Korea.
Global news giant AFP suffers cyberattack
One of the world’s largest news agencies with presence in 150 countries, Agence France-Presse (AFP), disclosed they were the victim of a cyberattack last Friday that impacted part of its IT systems and disrupted content delivery to some clients, though the attack did not interfere with any worldwide news coverage. AFP did not identify who may be responsible for the attack, and in an official statement said they are currently working to resolve the incident.?
Breach in paradise?
Another small U.S. community is taking a hit from ransomware. The Community Clinic of Maui disclosed they were the victim of the LockBit ransomware gang earlier this year, with the data of over 120,000 people impacted. The clinic touts itself as a facility offering services ranging from primary care, dental, and mental health for anyone, regardless of their ability to pay. A wide range of PII was stolen, including Social Security numbers and sensitive medical information, such as treatments and diagnosis.
State CISO’s struggle with budget constraints?
As per the story above, it seems a local community is being hit by a cyberattack every week, and new research shows why that might be. According to a new report from Deloitte and the National Association of Chief Information Officers (NASCIO), nearly 40% of U.S. state CISOs believe their cybersecurity budgets fall short of what they need to keep their citizens safe. In fact, more than a third stated they do not have a dedicated cybersecurity budget. The majority of CISOs surveyed said third-party breaches were the biggest threat they currently face, followed by AI-enabled attacks and foreign state-sponsored espionage.