Month: March 2024

Data from over 70 million AT&T users has allegedly been leaked and is being sold in hackers’ forums. Leaked data includes names, addresses, mobile phone numbers, email addresses, birth dates and social security numbers.

The leaked sample was analyzed by researchers such as HaveIBeenPwned, Dark Web Informer, and VX-Underground. All of them concluded that AT&T data being sold on hackers’ forums is legitimate.

The data is believed to have come from a 2021 breach executed by the hacker group ShinyHunters.

AT&T said that the information does not come from their systems.

Read more about it here.

The US Cybersecurity and Infrastructure Security Agency (CISA) agency hacked in February 2024 through vulnerabilities in Ivanti products. In response to the security breach, the agency had to shut down two crucial systems:

A system to facilitate the sharing of cyber and physical security assessment tools among federal, state, and local officials, and a system holding information related to the security assessment of chemical facilities. These systems are called the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT) respectively.

Ironically, CISA warned US organizations about attacks exploiting vulnerabilities in Ivanti software. On February 1, 2024, for the first time since its establishment, CISA ordered federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.

On February 29, CISA warned organizations again that threat actors are exploiting multiple vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

A spokesperson for CISA told CNN that the security breach did not impact the operations of the agency.

Read more about it here.

The 2023 FBI Internet Crime Report states that reported cybercrime losses reached $12.5 billion in 2023, up from $10.3 billion in 2022, a 21% increase. The number of complaints rose from 800,944 in 2022 to 880,418/

Investment fraud was once again the costliest type of crime tracked by IC3. Losses to investment scams rose from $3.31 billion in 2022 to $4.57 billion in 2023 – a 38% increase. The second-costliest type of crime was business e-mail compromise (BEC), with 21,489 complaints amounting to $2.9 billion in reported losses. Tech support scams, meanwhile, were the third-costliest type of crime tracked by IC3.

In the ransomware category, Healthcare and Public Health was the heaviest hit sector, followed by Critical Manufacturing and Government Facilities.

In terms of crime types, phishing/spoofing by far received the highest number of complaints, followed by personal data breach and non-payment/non-delivery.

Read more about it here.