Hackers Had Years-Long Access to Potentially Billions of Text Messages Processed for Top Carriers
Facebook outage was not a cyberattack, Anonymous releases part three of Epik breach, Lawmakers unveil new bill to designate important critical infrastructure, FireEye is now officially Mandiant, more
Check out my latest column in CSO Online about the FCC’s proposed rules to address SIM swapping and port-out fraud.
Syniverse, a company that processes 740 billion text messages every year for AT&T, T-Mobile, Verizon, Vodafone, and China Mobile, among other top carriers, revealed in an SEC filing that hackers had been inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.
Syniverse said that an unknown "individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers." One former employee said that those systems have information on all types of call records.
The company said that it discovered the breach in May 2021, but the hack began in May 2016. Senator Ron Wyden (D-OR) said that the FCC needs to “get to the bottom of what happened, determine whether Syniverse's cybersecurity practices were negligent, identify whether Syniverse's competitors have experienced similar breaches, and then set mandatory cybersecurity standards for this industry.” FCC Acting Commissioner Jessica Rosenworcel agreed with Wyden and said her agency would get to the bottom of what happened. (Lorenzo Franceschi-Bicchierai / Motherboard)
Ron Wyden @RonWyden: The information flowing through Syniverse’s systems is espionage gold. The FCC needs to get to the bottom of what happened here, and then set mandatory cybersecurity standards for this industry. I’ll be watchdogging this in the days and weeks to come. https://t.co/kJEINANm8y
Although speculation ran rampant yesterday during the six-hour-long outage of Facebook, Instagram, and WhatsApp that a cyberattack was underway, in the end, it was clear that networking issues and not malfeasance were the source of the downtime.
To be sure, cybersecurity specialists predominantly blamed the outage on DNS (Domain Name System) problems throughout the day, invoking the adage that “it’s always DNS.” As Cloudflare explained in its analysis, the absence of working BGP (Border Gateway Protocol) routes for Facebook’s prefixes made it impossible for users to reach the relevant DNS servers. In a post, Facebook said, “We apologize to all those affected, and we’re working to understand more about what happened today so we can continue to make our infrastructure more resilient.” (Steven J. Vaughan-Nichols / ZDNet)
Related: Benzinga, TechStory, teiss, Axios, RT News, The Sun, GeekWire Original, MediaNama, New on MIT Technology Review, Candid.Technology, The South African, The Guardian, New York Times, Wall Street Journal, Financial Times, Cloudflare, Facebook Engineering, ZDNet, Cyberscoop, Ars Technica
Hackers operating under the banner of hacktivist group Anonymous have released more data from their massive breach of hard-right website hosting and domain registrar Epik.
In a press release titled “You Lost The Game,” the group announced on Monday part three of what it has dubbed “Operation EPIK FAIL.” This latest round allegedly contains more bootable disk images of Epik’s servers as well as a data backup linked to the Republican Party of Texas, which is said to include “private documents” and “draft articles that didn’t make the narrative cut.” Independent journalist Steven Monacelli first reported this third leak. (Mikael Thalen / Daily Dot)
Mikael Thalen @MikaelThalen: The Texas GOP provided me the following statement regarding the leak of its data today. The leak, which came as a result of the Epik hack, includes internal emails as well as the personal data of volunteers, donors, job applicants, poll watchers, & more. https://t.co/1o0v6FYDqE https://t.co/zTYDNkfEwt
Researchers Nicole Fishbein and Ryan Robinson from security firm Intezer disclosed how they identified misconfiguration errors across Apache Airflow servers run by major tech companies.
These errors resulted in many instances exposed on the web that leaked sensitive information, including credentials, from well-known tech companies and from popular platforms and services such as Slack, PayPal, and Amazon Web Services (AWS). The most common reason for the credential leaks seen on Airflow servers was insecure coding practices. (Ax Sharma / Bleeping Computer)
Notorious spyware purveyor NSO said in a letter to the United Nations that it has “strong support for the creation of an international legal framework” to govern technology that allows for highly invasive snooping on people’s mobile phones.
NSO said in the letter that it took the allegations made by a broad consortium of international media outlets who reported on abuses of the company’s main surveillance product Pegasus “extremely seriously.” NSO said it had launched an immediate investigation after the scandal blew up in July. The September 30 letter from NSO follows demands by human rights experts at the UN for a moratorium on such digital surveillance technology until regulation is implemented. (Katy Lee and Fabien Zamora / AFP)
House Homeland Security Committee ranking member John Katko (R-NY) and Rep. Abigail Spanberger (D-VA) introduced the Securing Systemically Important Critical Infrastructure Act, which would authorize the Cybersecurity and Infrastructure Security Agency (CISA) to establish a process to designate groups as systemically important critical infrastructure (SICI).
Under the bill, CISA would be required to work with sector risk management agencies to establish the criteria around what organizations qualify as SICI and give owners and operators of these critical groups access to priority cybersecurity programs. (Maggie Miller / The Hill)
The Department of Homeland Security (DHS), in partnership with the National Institute of Standards and Technology (NIST), released a roadmap to help organizations protect their data and systems and to reduce risks related to the advancement of quantum computing technology.
The roadmap's goal is to help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems. (Dave Nyczepir / Fedscoop)
Arizona launched its new cyber command center to deal with threats to state and local government computers.
The state’s Department of Homeland Security will run the center, a central location for cybersecurity professionals and local, state, and federal agencies to prevent and respond to cyberattacks. (Associated Press)
Related: AZ Capitol Times
The Lodi Unified School District in California said a cybersecurity issue, most likely a ransomware attack, crippled its networks and phone systems starting on Sunday.
The district is working quickly to restore the network and phone lines, but it’s unclear how long that will take. Most of the schools in the district are currently on an Autumn break. (Giacomo Luca / ABC 10)
Cybersecurity giant FireEye is officially changing its name to Mandiant and will trade under the MNDT symbol on the Nasdaq exchange starting October 5.
The move follows FireEye’s deal to sell its products business, including the FireEye name, to a consortium led by Symphony Technology Group. (Ciara Linnane / MarketWatch)