Week 33: T-Mobile confirms it was hacked, Hackers steal $600 million in cryptocurrency heist, US offers $10 million reward for info on state-sponsored hackers disrupting critical infrastructure

NEWS

T-Mobile confirms it was hacked: T-Mobile confirmed hackers gained access to the telecom giant’s systems in an announcement published Monday. The move comes after Motherboard reported that T-Mobile was investigating a post on an underground forum offering for sale Social Security Numbers and other private data. The forum post at the time didn’t name T-Mobile, but the seller told Motherboard the data came from T-Mobile servers. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers. The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver license information, the seller said. The hacker says they are privately selling much of the data, but can supply 30 million social security numbers and driver license details for 6 bitcoin ($270,000). This data would be a prime target for identity theft.
vice.com, 9to5mac.com

Hackers steal $600 million in cryptocurrency heist: An unknown cyberthief or hacker group is returning some of the money after stealing an estimated $611 million from a cryptocurrency exchange in what’s being called one of the largest heists of its kind. The company, called Poly Network, revealed the incident in a tweet late Tuesday. In a separate statement posted on Twitter, Poly Network pleaded with the hacker, or hackers, to return the hacked assets. The plea appeared to work. Not long after the theft, the company said it received a message saying that the funds would be returned, though not how much. Poly Network said it instructed the hackers where to send the stolen cryptocurrency. By Wednesday afternoon, the person or persons behind the hack had returned $260 million, Reuters reported.
cbsnews.com

US offers $10 million reward for info on state-sponsored hackers disrupting critical infrastructure: The US State Department has announced its intention to offer rewards of up to $10 million for any information that helps US authorities identify and locate threat actors “acting at the direction or under the control of a foreign government” that carry out malicious cyber activities against US critical infrastructure. The announcement comes after the US has seen an increase in cyber activity targeting its critical infrastructure sectors, including a spike in ransomware incidents. Some of these attacks, such as those on JBS Foods and Colonial Pipeline, impacted US food and fuel supply for days, even creating a small panic among the US population in certain areas. A new platform named “Rewards for Justice (RFJ)” was created by the US State Department to allow informants to submit anonymous tips and information in return for rewards in digital assets. The informants can choose whether or not to receive the compensation as cryptocurrencies. Intending users can submit tips via an unsecured Wi-Fi network called #Rewardsnotransoms on the platform, which was promoted at a Black Hat USA event that ran from July 31 to August 5 in Las Vegas.
therecord.media, btcpeers.com

Microsoft finds another security hole in printer software: A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it’s working to remediate the issue in an upcoming security update. The unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020.
thehackernews.com

Fewer cyber attacks on Saxony’s state authorities in the first half of the year: In the first six months of this year, email attacks on state agencies using malicious code fell to just over 9500, according to the German state’s chancellery. In 2020, there were about 12,500 mail attacks in the same period. In addition, in the first half of 2020, there were about 19,800 attacks on the systems via websites using the still unencrypted HTTP protocol. This year, there were only 10,100 through June. Presumably, the attackers suspected insecurity among many employees in the spring of 2020 due to increased working from home, the statement said.
it-daily.net

Cyber attack on IT consulting firm Accenture: Global consulting firm Accenture, which offers cybersecurity services, has been hit by a cyber-attack. LockBit, a group of ransomware hackers that has recently carried out a series of attacks, has taken credit for the incident. LockBit is one of a number of Russian-speaking hacking gangs that avoids targeting any victims in former Soviet states, a measure that is believed to allow them to operate with tacit approval from the Russian government.
consulting.us, tech-gate.org

German politics: Coalition of CDU, SPD and FDP wants to do more for cyber security zeit.de
Security vulnerabilities in hardware and drivers: Intel makes security patches available for download heise.de
Interior ministry’s cybercrime report: Cybercrime in Austria will increase by 26.3 percent in 2020 derstandard.at
Digital vaccination passport: Pharmacies work through backlog following security gap br.de
Competence center: Companies to be made fit for cyber security wdr.de

NUMBER OF THE WEEK

In the first quarter of 2021, phishing attacks increased by 62 percent.
it-daily.net

BACKGROUND

Post-quantum chip has built-in hardware Trojan: A team at the Technical University of Munich (TUM) has created a computer chip that implements post-quantum cryptography particularly effectively. In future, such chips could protect against hacker attacks with quantum computers. The researchers have also built hardware Trojans into the chip. They want to investigate how such “malware from the chip factory” can be exposed.
eenewseurope.com

Bundesbank opens new digital lab to use AI to search for credit risks: In the new digital lab “Innowerk”, 70 employees from different departments of the central bank will soon be working on various digital projects. These include, for example, the development of an early warning system for credit risks. Using artificial intelligence, real-time data on daily insolvency figures, Google trends on insolvencies and other indicators are to be evaluated. With this project, the Bundesbank is following the example of other commercial financial institutions that have already set up digital labs in various forms. The Bundesbank wants to keep pace with this development and strengthen cooperation with other central banks. This is also intended to drive forward the development of the digital euro.
handelsblatt.com

QUOTE

“After the incident, people around the globe went on the hunt for the hacker. You can’t steal $600 million and expect to stay in the dark.”
Gurvais Grigg, Global Public Sector Chief Technology Officer of blockchain analytics firm Chainalysis, has doubts about the Poly hacker’s self-stylization as a “white hat”, meaning a hacker who has “good motives” such as pointing out vulnerabilities in a system.
handelsblatt.com

SECURE?

An electric pet – Xiaomi announces robot dog for 1300 euros: Xiaomi has announced the CyberDog, an open-source quadruped robot intended for developers to “build upon” and create applications for. The machine, which resembles a beefier version of Boston Dynamics’ Spot, is a showcase for Xiaomi’s engineering know-how, including its proprietary servo motors. In terms of being able to experience the world, CyberDog has 11 sensors over its body, including touch and ultrasonic sensors, cameras and GPS to help it “interact with its environment.” Xiaomi says that this technology is good enough to enable CyberDog to follow its owner and navigate around obstacles. It is also capable of identifying posture and tracking human faces, enabling it to pick out and track individuals in a group. Running the show is a version of NVIDIA’s Jetson Xavier NX, which has been dubbed the world’s smallest AI supercomputer.
techcrunch.com
