#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

AT&T | Breaking Cybersecurity News | The Hacker News

New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices

New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices

Dec 01, 2021
A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27, 2021, called it  EwDoor , noting it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window. "So far, the EwDoor in our view has undergone three versions of updates, and its main functions can be summarized into two main categories of DDoS attacks and backdoor," the researchers  noted . "Based on the attacked devices are telephone communication related, we presume that its main purpose is DDoS attacks, and gathering of sensitive information, such as call logs." Propagating through a flaw in EdgeMarc devices, EwDoor supports a
Pakistani Man Bribed AT&T Insiders to Plant Malware and Unlock 2 Million Phones

Pakistani Man Bribed AT&T Insiders to Plant Malware and Unlock 2 Million Phones

Aug 06, 2019
United States federal government has charged a Pakistani national for bribing employees at AT&T telecommunication company over a period of five years to help unlock more than 2 million phones and plant malware on the company's network. Muhammad Fahd, a 34-year-old man from Pakistan, was arrested in Hong Kong last year in February at the request of the U.S. government and just extradited to the U.S. on Friday, August 2, 2019. According to an indictment unsealed Monday, Fahd recruited and paid AT&T insiders working at a call center in Bothell, Washington, more than $1 million in bribes between 2012 and 2017 to help them unlock cell phones associated with specified IMEI numbers that otherwise were not eligible to be removed from AT&T's network. Some telecommunication companies, including AT&T, Verizon, T-Mobile, and Sprint, sell flagship phones at discounted prices, but it comes with locked SIMs that prevent users from switching their network service for any
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices

Dec 14, 2017
Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take full control of the device, placing millions of people who've signed up to DirecTV service at risk. The vulnerability actually resides in WVBR0-25 —a Linux-powered wireless video bridge manufactured by Linksys that AT&T provides to its new customers. DirecTV Wireless Video Bridge WVBR0-25 allows the main Genie DVR to communicate over the air with customers' Genie client boxes (up to 8) that are plugged into their TVs around the home. Trend Micro researcher Ricky Lawshae, who is also a DirecTV customer, decided to take a closer look at the device and found that Linksy
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Meet the NSA's Best Friend in Spying On The Internet

Meet the NSA's Best Friend in Spying On The Internet

Aug 20, 2015
Fed up with the NSA-Snowden updates ? Wait a second...there's some more! Back in May 2013, when former NSA employee Edward Snowden leaked classified documents from the U.S. National Security Agency (NSA), we doubted the relationship between NSA and telecommunications giant AT&T. But, now their relationship has been revealed – NSA and AT&T are Best Friends . Yes, that's right, as recent revelations say that how desperately NSA relied on AT&T for its vast spying operations in the United States. NSA–AT&T's 30-Years-Old Friendship AT&T provided telecommunication interception facility to the United States' National Security Agency (NSA), and since 1985 they have been working hand in hand . AT&T cooperated in provided technical assistance in a manner that followed a secret court order which permitted the wiretapping of all Internet communications at the United Nations headquarters (also a customer of AT&T). Acc
AT&T Suffers Data Breach, Customers' Personal Information Compromised

AT&T Suffers Data Breach, Customers' Personal Information Compromised

Jun 18, 2014
AT&T has confirmed a security data breach in which attackers have compromised the security of a number of its mobile customers and stolen personal information including Social Security numbers and call records. Back in April this year, AT&T suffered a data breach in which some of its customer information, including birth dates and Social Security numbers had been inappropriately accessed by three employees of one of its third-party vendors, in order to generate codes that could be used to unlock devices. Moreover, the hackers would have also been able to access its users' credit report with Customer Proprietary Network Information (CPNI) during the process without proper authorization, that means the information related to what subscribers purchase from AT&T would also have been compromised. The Dallas-based telecommunications giant did not specify the number of customers or type of information affected by this data breach, but state law requires such di
Cybersecurity Resources