Proprietary Software and Security
T-Mobile Confirms Major Hack, Social Security Numbers And Drivers License Data Exposed
Earlier this week reports emerged that T-Mobile was investigating a massive hack of the company's internal systems, resulting in hackers gaining access to a massive trove of consumer information they were selling access to in underground forums. Initial estimates were that the personal details of 100 million customers had been accessed (aka all T-Mobile customers). After maintaining radio silence as it investigated the hack, T-Mobile has since released a statement detailing the scale of the intrusion. In short, it was smaller than initial claims, but still massive and terrible:
BlackBerry goes where no security vendor has gone before [iophk: Windows TCO]
Security vendor BlackBerry has gone where no other firm in its space has, by providing links to ransomware leaks on the dark web, something that is studiously avoided by both infosec outfits and journalists.
In a post published last month, the company provided a link to the leak site of the Hive ransomware, another Windows-only malware group. The link provided at that time is still valid on Friday morning AEST.
Ransomware attack knocks out systems at Ohio and W. Virginia healthcare provider [iophk: Windows kills]
The ransomware attack, detected on Aug. 15, was described by Memorial as an information technology security incident. As a result, user access to IT applications was suspended and temporary disruptions to aspects of clinical applications occurred.
Further, the hospital was forced to cancel all urgent surgical cases and radiology exams on Monday. Primary care appointments went ahead as scheduled.
Malware attacks in Africa are increasing, reaching 85 million in 6 months – Kaspersky
Malware is rife across Africa, with various countries exhibiting strong growth in all malware types in the first half of 2021. This is a 5% increase in the region, as cybercriminals and [crackers] continue to focus on African countries considering digital transformation advancements and the increase in remote working resulting from the COVID-19 pandemic, cyber security company Kaspersky has said.
Kerberos Authentication Spoofing: Don’t Bypass the Spec
One might think – if the client and server are the same, why do I need the client/server exchange? The password is verified during the Authentication Service exchange, so that should be enough. This thought process sounds legit, only they forgot the first rule of fight club: Don’t deviate from the spec.
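The "why do I need the client/server exchange?" question above, worked through as an added Python model that is not from the article: a login shortcut that stops after the AS exchange sits beside one that completes the client/server exchange, and only the latter rejects a reply that did not come from the genuine KDC. The HMAC "sealing", the key derivation and the collapsed AS/ticket step are simplifications of mine, not real Kerberos message formats.

```python
import hashlib, hmac, json, os

def derive_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # stand-in for string-to-key, not the real KDF

def seal(key: bytes, payload: dict) -> dict:
    # Stand-in for Kerberos encryption: only a holder of the key can make a blob that unseals.
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body.hex(), "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def unseal(key: bytes, blob: dict):
    body = bytes.fromhex(blob["body"])
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(tag, blob["tag"]) else None

class KDC:  # genuine KDC: holds every principal's long-term key, the service's included
    def __init__(self, user_keys: dict, service_key: bytes):
        self.user_keys, self.service_key = user_keys, service_key
    def as_exchange(self, user: str) -> dict:
        # AS and ticket-granting steps collapsed into one reply: session key under the
        # user's key, service ticket under the service's key.
        session = os.urandom(16).hex()
        return {"rep": seal(self.user_keys[user], {"session": session}),
                "ticket": seal(self.service_key, {"user": user, "session": session})}

class SpoofedKDC:  # rogue KDC: knows no real key, only the password typed at the client
    def __init__(self, typed_password: str):
        self.key = derive_key(typed_password)
    def as_exchange(self, user: str) -> dict:
        session = os.urandom(16).hex()
        return {"rep": seal(self.key, {"session": session}),
                "ticket": seal(os.urandom(32), {"user": user, "session": session})}

class Service:
    def __init__(self, key: bytes):
        self.key = key
    def accept(self, ticket: dict, user: str) -> bool:
        t = unseal(self.key, ticket)  # AP exchange: ticket must unseal under the service's own key
        return t is not None and t["user"] == user

def login_as_only(kdc, user: str, password: str) -> bool:
    # The shortcut: "the AS-REP decrypted, so the password is right". Nothing proves who answered.
    return unseal(derive_key(password), kdc.as_exchange(user)["rep"]) is not None

def login_per_spec(kdc, service: Service, user: str, password: str) -> bool:
    # Per spec: finish the client/server exchange so the service's key vouches for the KDC.
    reply = kdc.as_exchange(user)
    if unseal(derive_key(password), reply["rep"]) is None:
        return False
    return service.accept(reply["ticket"], user)
```

Run the two login functions against a genuine `KDC` and a `SpoofedKDC` holding the same typed password: the shortcut accepts both, the spec-compliant login accepts only the genuine one.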
Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
We also have the first collision: two images that hash to the same value.
The next step is to generate innocuous images that NeuralHash classifies as prohibited content.
Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers
Apple has reignited a legal battle with Corellium days after settling with the security firm over an ongoing lawsuit against the company for providing a virtual environment for security researchers that recreates its operating system.
Apple on Tuesday filed an appeal of a December ruling in which a judge dismissed an argument that Corellium had infringed Apple’s copyright by offering researchers a simulated environment that emulates Apple’s iOS software. The environment allows researchers to hunt for bugs via a controllable browser that can be rebooted, instead of jailbreaking an actual iPhone.
