GPRS | Breaking Cybersecurity News | The Hacker News

Threat hunters have discovered a new Linux malware called  GTPDOOR  that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges ( GRX ) The  malware  is novel in the fact that it leverages the GPRS Tunnelling Protocol ( GTP ) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are beyond the reach of their home mobile network. This is facilitated by means of a GRX that transports the roaming traffic using GTP between the visited and the home Public Land Mobile Network ( PLMN ). Security researcher haxrob, who discovered two  GTPDOOR   artifacts  uploaded to VirusTotal from China and Italy, said the backdoor is likely linked to a known threat actor tracked as  LightBasin  (aka UNC1945), which was previously disclosed by CrowdStrike in October 2021 in connection with a series of attacks targeting the telecom sector to steal subscriber information and call metadata. "When run, the f

High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week. "This paper encompasses the results of security assessments performed during the 2018–2019 timeframe on behalf of 28 telecom operators in Europe, Asia, Africa, and South America." Called the GPRS Tunnelling Protocol ( GTP ), the affected Internet Protocol (IP)-based communications standard defines a set of rules governing data traffic over 2G, 3G, and 4G networks. It also forms the basis for GPRS core network and its successor Evolved Packet Core ( EPC ), thus making it possible for users to keep connected to the Internet while moving from one place to the ot

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or