Security News

According to AT&T, the threat actor accessed phone call and text message records, including which phone numbers customers interacted with and, in some cases, cell site ID numbers. AT&T first became aware of the attack on April 19 after "a threat actor claimed" to have accessed the data, according to AT&T's SEC filing about the incident.

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attackA new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle attacks. Zero-day patched by Microsoft has been exploited by attackers for over a yearCVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed.

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "Nearly all" of its wireless customers as well as customers of mobile virtual network operators using AT&T's wireless network. This comprises telephone numbers with which an AT&T or MVNO wireless number interacted - including telephone numbers of AT&T landline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month.

AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. In a Friday morning Form 8-K filling with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators made from May 1 to October 31, 2022 and on January 2, 2023.

Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by "Nearly all" of AT&T's cellular customers from May to October 2022, the company has confirmed. "Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T's cellular customers, customers of mobile virtual network operators using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022," AT&T detailed.

AT&T's email servers are blocking connections from Microsoft 365 due to a "High volume" spam wave originating from Microsoft's service. Starting on Monday, AT&T customers began reporting they could no longer receive email from Microsoft 365 email addresses.

The Federal Trade Commission is sending out $6,300,000 in partial refunds to 267,000 former AT&T Wireless customers as part of a data throttling settlement in 2019. The action follows a 2014 lawsuit by the FTC claiming that AT&T did not fully disclose the terms of its so-called "Unlimited data plans" to customers, specifically the fact that their data speeds would be significantly reduced after they hit a certain data consumption threshold.

AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021.

How Google plans to make stolen session cookies worthless for attackersGoogle is working on a new security feature for Chrome called Device Bound Session Credentials, meant to prevent attackers from using stolen session cookies to gain access user accounts. A "Cascade" of errors let Chinese hackers into US government inboxesMicrosoft still doesn't known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials.

AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers. The lawsuit alleges that AT&T failed to adequately protect customers' personal data, leading to a cyberattack and subsequent data breach that exposed sensitive information for 73 million people.