Another week, another cybersecurity news round up! Let’s dive in…
Verizon and AT&T customers reported a widespread outage beginning around 10am on Monday causing mobile phones to be stuck in SOS mode. Thankfully, the outage only lasted one day, with Verizon reporting that service was being restored at 5pm eastern that same day and service was fully restored by 7pm.
Customers experiencing this outage took to social media to share their experience. While it’s difficult to tell exactly how many people were affected by this outage, Downdetector showed around 100,000 reports from customers between the hours of 9 and 11am on the 30th, with AT&T also experiencing an increased number of outage reports during this time. It has not been confirmed what caused this outage.
(–Source: Laptop Mag Staff on Yahoo! News
Read More: Verizon and AT&T customers report phones are stuck in SOS: Here’s what to do about the widespread outage (yahoo.com) )
The Seattle Public Library was hit with a ransomware attack in May, and has announced that they expect to spend around $1 million in response by the end of 2024 as they continue to investigate if the hackers stole any personal information and what that information was. It’s expected that within the next 4 to 6 weeks library officials will have the data they need about what type of information was accessed and stolen during the attack.
The funds for this investigation will come from the Seattle Public Library’s budget for 2024, and is not expected to impact staffing levels. Once the investigation is complete, any affected individuals will be notified about any personal information that was compromised.
(–Source: The Seattle Times
Read More: Seattle Public Library to spend $1M on response to ransomware attack | The Seattle Times )
Over 3 years (2021, 2022, 2023), T-Mobile experienced significant data breaches that impacted tens of millions of its customers in the US. In response, T-Mobile has reached aa $31.5 million settlement agreement. Of these funds, $15 .75 million will go towards civil penalty, and the other $15.75 million will be used over the course of 2 years to strengthen the company’s cybersecurity program.
According to the FCC, with T-mobile being the nations third largest wireless carrier, the company needs to address “foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication” to better protect its customers as mobile networks are big targets for cybercriminals.
(–Source: Reuters
Read More: US reaches $31.5 million settlement with T-Mobile over data breaches | Reuters )
Meta has been fined $101 million for storing user passwords in plaintext. These hundreds of millions of passwords being stored this way makes them easily available to company employees.
In 2019, Meta said that its social media networks had stored user passwords in plaintext in a database which was accessed by 2,000 company engineers who queried the stash more than 9 million times. However, there is no evidence that these records were accessed improperly and they were not accessible to people outside of the organization. Regardless, this is still a major security failure on behalf of Meta, as having user passwords so easily accessible is a huge risk.
(–Source: Ars Technica
Read More: Meta pays the price for storing hundreds of millions of passwords in plaintext – Ars Technica )
Mid-September of this year, after Wells Fargo discovered that a former employee accessed customer information for fraudulent purposes, the company filed a notice of data breach.
During this breach, customer information such as Social Security numbers, addresses, birthdates, phone numbers, email addresses, driver’s license numbers, bank account information, credit card numbers, and other sensitive information was compromised. The information compromised varies depending on the individual.
Wells Fargo’s investigation into this incident revealed that the former employee had access to confidential information between May 2022 and March 2023. Individuals affected by this incident were recently sent data breach letters to notify them.
(–Source: JD Supra
Read More: Wells Fargo Announces Data Breach Involving Unauthorized Access by Former Employee | Console and Associates, P.C. – JDSupra )
The largest DDoS attack recorded to date was recently launched in a month-long pursuit on organizations in the financial, internet, and telecommunications sectors at 3.8 terabits per second. Cloudflare discovered that, while the devices infected (largely including Asus home routers, Mikrotik systems, DVRs, and web servers) by the attack were located all throughout the world, most were in Russia, Vietnam, the United States, Brazil, and Spain.
Cloudflare was able to mitigate all of these DDoS attacks autonomously. Before this feat, Microsoft held the record for defending against the largest DDoS attack (3.47 Tbps) targeting an Azure customer located in Asia.
(–Source:
Read More: Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps (bleepingcomputer.com) )