Xiaomi added to US list of alleged Communist Chinese military companies

Chinese hardware manufacturer Xiaomi has been added to a list of alleged Communist Chinese military companies by the United States Department of Defense. “The Department is determined to highlight and counter the People’s Republic of China’s (PRC) Military-Civil Fusion development Read More …

T-Mobile data breach exposed phone numbers, call records

T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records. Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information. According to T-Mobile, its security team recently discovered Read More …

Australia: Communications department flags idea of tying telco licences to cyber capability

The Department of Infrastructure, Transport, Regional Development, and Communications has run up the flagpole the idea of inserting security provisions into the Telecommunications Act to require telcos to safeguard their systems as a condition of their licence to operate. Writing Read More …

Australia’s critical infrastructure definition to span communications, data storage, space

The federal government on Monday published an exposure draft on the Security Legislation Amendment (Critical Infrastructure) Bill 2020. It seeks to amend the Security of Critical Infrastructure Act 2018 to implement “an enhanced framework to uplift the security and resilience Read More …

US charges Iranian hackers for breaching US satellite companies

Three Iranian nationals have been indicted on charges of hacking US aerospace and satellite companies, the US Department of Justice announced today. Federal prosecutors accused Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati of orchestrating a years-long hacking campaign Read More …

New FritzFrog P2P botnet has breached at least 500 enterprise, government servers

A P2P botnet newly-discovered by researchers has struck at least 500 government and enterprise SSH servers over 2020. On Wednesday, cybersecurity firm Guardicore Labs published research into FritzFrog, a peer-to-peer (P2P) botnet that has been detected by the company’s sensors Read More …

Re­VoL­TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations

A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls. Named ReVoLTE, researchers say this attack is possible because mobile operators Read More …

Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday. The flaws open up handsets made by Google, Samsung, LG, Read More …

OilRig Targets Middle Eastern Telecom Organization and Adds Novel C2 Channel with Steganography to Its Inventory

While analyzing an attack against a Middle Eastern telecommunications organization, Unit 42 has discovered a variant of an OilRig-associated tool we call RDAT using a novel email-based command and control (C2) channel that relied on a technique known as steganography Read More …