T-Mobile app glitch and fake Booking.com pages
T-Mobile application glitch exposes sensitive customer data to other users, hackers use fake Booking.com pages to steal credit card info and the LuaDream malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. T-Mobile app glitch exposes customer account info to other users
Last week, T-Mobile customers encountered an unsettling experience. Upon logging into their accounts, many saw other users' data, ranging from purchase histories to home addresses. While the extent of the exposure remains uncertain, some users reported seeing data from multiple accounts in a single session. T-Mobile responded swiftly, attributing the glitch to a technology update and emphasizing that it wasn't a breach. Yet the incident heightens concerns, given the security hiccups T-Mobile faced earlier in the year.
2. Hackers set up fake Booking.com pages targeting hotel-goers
Security researchers recently identified a sophisticated cyber attack aimed at the hospitality sector. Hackers first breach hotel and travel agency systems, then use that access to deceive customers with a fake Booking.com payment page. Through cleverly disguised reservation inquiries, they guide victims to malicious URLs that load hidden scripts designed to capture credit card information. Even though the page appears genuine, experts recommend that users remain wary of unsolicited links and always contact companies directly to verify a transaction.
3. Threat actor ‘Sandman’ attacks telcos with new LuaDream malware
Security firms recently identified a novel APT group targeting telecoms in Europe and Asia. Dubbed "Sandman", this group uses a unique backdoor, LuaDream, built on the LuaJIT platform. While Sandman's true identity remains elusive, traces in LuaDream suggest ties to the previously detected "DreamLand" malware. Given its discreet movements within infected networks, the group's primary objective appears to be cyberespionage. Researchers also emphasized how rarely LuaJIT is used in such APT attacks.
4. APT36 hackers using YouTube app clones to infect devices with RAT
SentinelLabs identified the APT36 hacking group using Android apps that imitate YouTube to deliver its 'CapraRAT' trojan. The apps are distributed as APKs outside Google Play, and victims are likely prompted through social engineering to install them. Once activated, the malware harvests data, records conversations and more. APT36 often targets Indian defense and government entities, and its evolving tactics mean these organizations are at greater risk of suffering a data breach than other sectors.
5. China accuses U.S. of years of cyber espionage against Huawei servers
China's Ministry of State Security (MSS) has accused the U.S. National Security Agency of hacking Huawei servers since 2009. In a WeChat post, MSS details alleged cyber-espionage efforts, including using NSA-developed spyware called Second Date. The spyware targets multiple global regions, intensifying cyber tensions. Recent reports by the South China Morning Post and China Daily lend further credence to these claims, underlining the growing cyber discord between the two superpowers.