News

T-Mobile app glitch and fake Booking.com pages

Dan Virgillito
September 25, 2023 by
Dan Virgillito

T-Mobile application glitch exposes sensitive customer data to other users, hackers use fake Booking.com pages to steal credit card info and the LuaDream malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.
 

1. T-Mobile app glitch exposes customer account info to other users

Last week, T-Mobile customers encountered an unsettling experience. Upon logging into their accounts, many spotted other users' data, ranging from purchase histories to addresses. While the extent remains uncertain, some users report accessing multiple accounts in a session. T-Mobile responded swiftly, attributing the glitch to a technology update and emphasizing it wasn't a breach. Yet, the incident heightens concerns, given the security hiccups T-Mobile faced earlier in the year.

Read more »

2. Hackers set up fake Booking.com pages targeting hotel-goers

Security researchers recently identified a sophisticated cyber attack aimed at the hospitality sector. Hackers breach hotel and travel agency systems, and then deceive customers with a fake Booking.com payment page. Through cleverly disguised reservation inquiries, they guide victims to malicious URLs, which launch harmful scripts hidden to spoof credit card info. Even though the page appears genuine, experts recommend that users remain wary of unsolicited links and always contact companies directly for transaction verification.

Read more »

3. Threat actor ‘Sandman’ attacks telcos with new LuaDream malware

Security firms recently identified a novel APT group targeting telecoms in Europe and Asia. Dubbed "Sandman", this group uses a unique backdoor, LuaDream, built on the LuaJIT platform. While Sandman's true identity remains elusive, traces of LuaDream suggest ties to the previously detected "DreamLand" malware. With discrete movements within infected networks, this group's primary objective seems to be cyberespionage. Researchers also emphasized the rarity of LuaJIT's use in such APT attacks.

Read more »

4. APT36 hackers using YouTube app clones to infect devices with RAT

SentinelLabs identified the APT36 hacking group using Android apps that imitate YouTube to deliver their 'CapraRAT' trojan. Distributed as APKs outside Google Play, victims likely receive social engineering prompts to install them. Once activated, the malware harvests data, records conversations and more. APT36 often targets Indian defense and government entities, and their evolving tactics mean these organizations are at a greater risk of suffering a data breach than other sectors.

Read more » 

5. China accuses U.S. of years of cyber espionage against Huawei servers

China's Ministry of State Security (MSS) has accused the U.S. National Security Agency of hacking Huawei servers since 2009. In a WeChat post, MSS details alleged cyber-espionage efforts, including using NSA-developed spyware called Second Date. The spyware targets multiple global regions, intensifying cyber tensions. Recent reports by the South China Morning Post and China Daily lend further credence to these claims, underlining the growing cyber discord between the two superpowers.

Read more »

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.
 

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.