Security News

T-Mobile US has begun admitting to the theft of 100 million user accounts in stages, confessing overnight that 8 million people's personal details had been stolen from its servers. In a statement the American mobile operator said: "Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued."

British defence tech specialist Ultra Electronics has been bought for £2.6bn by a US private equity firm, through a wholly owned UK subsidiary that was itself once a proud standalone business. Ultra's acquisition by Cobham Group plc, owned by US fund Advent International, sees the defence firm's shareholders receive £35 per share - as well as ownership of the critical Royal Navy supplier passing to a foreign entity, albeit one headquartered in an allied country.

T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web. The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.

The incentive for a business to implement a zero-trust architecture should be based on internal mandates, with consideration for how a security breach might impact others outside of the organization. A separate White House memorandum is already pushing critical infrastructure owners and operators to implement baseline security practices to protect national and economic security, as well as public health and safety.

The US Financial Industry Regulatory Authority warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. In a notice issued on Friday, the US financial industry regulator said that the phishing messages are being sent from multiple domains impersonating FINRA official sites.

Julian Assange has lost a legal scrap in court, this time over the US government's attempt to expand its grounds for extraditing him from England to stand trial in America. Uncle Sam is ultimately hoping to overturn a decision made in January blocking Assange's extradition on mental health grounds.

This undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.

Y Purdy, CSO for Huawei USA, believes the US needs to be more active in the development of global security standards rather than being aloof. "The US has fundamentally dropped the ball when it comes to participation in global security standards," Purdy told The Register.

US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers. The tech giants are among firms signed on to be part of a Joint Cyber Defense Collaborative intended to combine government and private skills and resources to fight hackers, according to the Cybersecurity and Infrastructure Security Agency.

SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Financial newswire Reuters reported that the suit was originally filed over allegations that former SolarWinds chief exec Kevin Thompson cut cybersecurity efforts in the hope of driving greater dividends into the pockets of major investors, Silver Lake and Thoma Bravo, who each reportedly held around 40 per cent of SolarWinds' stocks at the time.