Data Breaches on the Rise: AT&T and Acronis Latest Victims
Data breaches have been on the rise in recent years, with two of the latest victims being AT&T and Acronis. We take a look at these two new data breaches and the measures being taken to protect users.
AT&T Suffers Data Breach Affecting 9 Million Users
AT&T, the largest mobile services provider in the US, recently reached out to customers over a data breach affecting around 9 million users. According to the company, an unauthorized person breached a vendor’s system and gained access to Customer Proprietary Network Information (CPNI), which usually includes user information such as first name and services users purchased from telecoms, including the number of lines on an account and wireless plans. Although the notification letter didn’t specify what data was leaked, AT&T assured customers that no sensitive personal information, such as Social Security number or credit card information was accessed, and that the vulnerability was fixed.
The company has contacted law enforcement agencies as well as the Federal Communications Commission and the vulnerability has been fixed. AT&T has suffered data breaches before, however, the latest claim of 70 million user records was denied.
Data Breach at Acronis Downplayed
Acronis, a Swiss cyber security and data backup company, was reportedly hacked on February 9. The hacker, Kernelware, claimed to have accessed and published sensitive data including certificate files, system configurations, command logs, system information logs, and backups of the company’s file system. They also claimed to have obtained Python scripts and screenshots of backup operations. Acronis responded to the breach by downplaying the incident and assuring customers that no sensitive data was accessed.
Launch of Nexus Malware to Steal Banking Data
Cyber security researchers at Civil Research and Intelligence Labs Krill have uncovered a new Android banking Trojan called Nexus. It is being distributed through phishing pages disguised as legitimate websites for YouTube Advanced such as udobanced.net and uwevinbad.net. Nexus is capable of stealing banking data.
Black Snake Ransomware Slithers Out of Chaos Shadows
Civil has reported that Black Snake, a new ransomware strain, has emerged as the latest variant of the Chaos ransomware family following Onyx and the Ashmont. According to the report, Black Snake is being spread via phishing emails and social engineering tactics.
DDoSecrets Releases Oakland City Data, Threatens with Another Leak
Oakland City, California faces the threat of another massive data leak after Play ransomware released 10 GB of stolen data with a threat to leak more if the ransom demands are not met. The compromised files contain sensitive data including police assignments, Social Security numbers, and lawsuit settlement agreements.
WBMs Vulnerabilities Pose Risk to Life and Critical Infrastructure
WACO web-based Management (WBM) Systems have been found to have four serious vulnerabilities that could allow attackers to launch cross-site scripting attacks, remotely execute code, set device parameters, and more. These vulnerabilities are particularly concerning as they could be exploited to harm critical infrastructure, control Wego programmable logic controllers (PLCs), and disrupt heavy machinery, thus posing a danger to the life of engineers.
Data breaches are becoming increasingly common and it’s more important than ever to stay vigilant. Stay safe and we’ll see you tomorrow with another security update!