An alleged T-Mobile hacker comes forward, a COVID-19 vaccination form scam, and more.
Welcome to Cyber Security Today. It’s Friday August 27th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
A 21-year-old American now living in Turkey says he was behind the recent T-Mobile hack of information on over 50 million current and former customers of the wireless carrier. According to a synopsis by the ZDNet news service, the man told the Wall Street Journal the hack was retaliation for allegedly being kidnapped by CIA and Turkish intelligence agents in 2019. He claimed he was able to break into the carrier’s network through an unprotected router. The man has filed a freedom of information request with the FBI, the CIA and the U.S. Justice Department alleging he has been under investigation for computer crimes.
There’s lots of talk by governments and companies about requiring employees to provide proof of COVID-19 vaccination before entering places of business. Scammers have been quick to take advantage. According to the cybersecurity firm called INKY, crooks are sending out emails pretending to come from employees’ human resources department requiring them to fill in an attached COVID-19 vaccination form. Victims who click on the form go to what looks like a Microsoft Outlook web login page. From there they have to enter their username and password to see the form. And that’s the scam – to capture passwords. Of course, if your firm doesn’t use Outlook there’s no reason to enter a password. But victims who do enter a Microsoft password will find the next page asks them for their name and birth date. That’s a real tipoff this is a scam. You should remember there are lots of COVID-19 scams going on. If your manager hasn’t told you personally to expect a form like this, phone or speak to them for confirmation. Otherwise ignore it.
Experts regularly remind IT administrators of the importance of patching hardware and software as soon as possible. A report out this week from cybersecurity vendor Tenable is the latest to make the point. It looks at the importance of putting a priority on patching virtual private network appliances made by three big manufacturers: Citrix’s Application Delivery Controller, Pulse Connect’s Secure SSL VPN and Fortinet’s Fortigate SSL VPN. Vulnerabilities on all three devices were patched by January 2020, but hackers continue to find and exploit unpatched devices. And the reason this is important is VPNs are supposed to protect authorized users who connect remotely to an IT network. The report stresses that there’s no reason why IT departments haven’t yet patched these devices.
A California man has admitted to breaking into hundreds of Apple iCloud accounts while hunting for and sharing nude photos of young women. He did it by emailing victims and pretending to be an Apple customer support agent. Trusting women gave him their iCloud user IDs and passwords. According to a news report, he had over 62,000 photos and 9,000 videos, some of which had explicit images. Don’t trust unasked-for IT support messages. Don’t surrender your passwords. And protect your email and cloud storage with multifactor authentication.
Finally, later today the Week in Review podcast will be out. Guest commentator Terry Cutler and I will talk about a configuration problem with Microsoft’s Power Apps platform, another victim of a business email compromise and how to stop ransomware.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.