Telecom company | Breaking Cybersecurity News | The Hacker News

The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency  said  the companies are subject to the Chinese government's exploitation, influence, and control, and could be forced to comply with requests for intercepting and misrouting communications, without the ability to challenge such requests. The Public Safety and Homeland Security Bureau further noted that equipment and services from ComNet and China Unicom could present an opportunity for the Chinese government to carry out espionage operations and gather intelligence against the U.S. Alternatively, they could also provide the Chinese government with a strategic capability to "target, collect, alter, block, and reroute network traffic." China Unicom also earned a place on the list fo...

Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as  CVE-2022-29854  and  CVE-2022-29855  (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022. "Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user," SySS researcher Matthias Deeg said in a statement shared with The Hacker News. Specifically, the issue relates to a previously unknown functionality present in a shell script ("check_mft.sh") in the phones' firmware that's designed to be executed at system boot. "The shell script 'check_mft.sh,' which is located in the direc...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach , the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked. Rather the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication. "The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night. Acc...

If you are a T-Mobile customer, this news may concern you. US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers. What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated cyberattack against the email accounts of some of its employees that resulted in unauthorized access to the sensitive information contained in it, including details for its customers and other employees. Although the telecom company did not disclose how the breach happened, when it happened, and exactly how many employees and users were affected, it did confirm that the leaked information on its users doesn't contain financial information like credit card and Social Security numbers. What type of information was accessed? The exposed data of an undisclosed number of affected users incl...

Are you a T-Mobile prepaid customer? If yes, you should immediately create or update your associated account PIN/passcode as additional protection. The US-based telecom giant T-Mobile today disclosed a yet another data breach incident that recently exposed potentially personal information of some of the customers using its prepaid services. What happened? In a statement posted on its website, T-Mobile said its cybersecurity team discovered a "malicious, unauthorized access" to information associated with an undisclosed number of its prepaid wireless account customers. However, the company did not disclose precisely how the breach happened, when it happened, and how the attackers unauthorizedly managed to access the private information of the company's prepaid customers. What type of information was accessed? The stolen data associated with customers' prepaid wireless accounts include their: names, phone numbers, billing addresses (if customers provided ...

A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or received by highly targeted individuals. Dubbed " MessageTap ," the backdoor malware is a 64-bit ELF data miner that has recently been discovered installed on a Linux-based Short Message Service Center (SMSC) server of an unnamed telecommunications company. According to a recent report published by FireEye's Mandiant firm, MessageTap has been created and used by APT41 , a prolific Chinese hacking group that carries out state-sponsored espionage operations and has also been found involved in financially motivated attacks. In mobile telephone networks, SMSC servers act as a middle-man service responsible for handling the SMS operations by routing messages between senders and recipients. Since SMSes are not designed to be encrypted, neither on transmitting nor on the telec...

T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the good news is that no financial information like credit card numbers, social security numbers, or passwords, were compromised in the security breach. According to a brief blog post published by the company detailing the incident, its cybersecurity team detected and shut down an "unauthorized capture of some information" on Monday, August 20. Although the company has not revealed how the hackers managed to hack into its servers neither it disclosed the exact number of customers affected by the data breach, a T-Mobile spokesperson told Motherboard that less than 3 percent of its 77 m...

Elisa , one of the biggest Finnish Internet Service Providers (ISP), claims to have achieved a new world record for 4G network with 1.9 gigabit-per-second (Gbps) data download speed using Huawei technology. Currently, Sweden and the United Kingdom have been crowned as the top countries across the world when it comes to fastest mobile 3G and 4G speeds, but now Finland is also working hard to give them a tough competition. Elisa set this record-breaking benchmark with the help of technology provided by Chinese telecom giant Huawei that could allow real-world mobile 4G users to download a Blu-ray film in just 40-45 seconds. 4G and 5G Technology: The future of Mobile Networks In February last year, a team of researchers from the University of Surrey managed to achieve a record-breaking speed of 1 Terabit per second (1Tbps) during a test of 5G wireless data connections, which is over 500 times faster than Elisa's 4G speed. While, in June last year, the International Tele...

The National Security Agency and its British counterpart, GCHQ , gained secret access to the German telecom companies' internal networks, including Deutsche Telekom and Netcologne, in an effort to " map the entire Internet — any device, anywhere, all the time. " As reported by German news publication Der Spiegel, citing the new set of leaked documents provided by former NSA contractor Edward Snowden, the five major intelligence agencies including NSA and GCHQ have been collaborating to get near-real-time visualization of the global internet as a part of NSA's ' Treasure Map ' surveillance program , also dubbed as "the Google Earth of the Internet." TREASURE MAP TRACKS YOU 'ANYWHERE AND ALL THE TIME' The data collected by the intelligence agencies doesn't just include information from large traffic channels, such as telecommunications cables. Rather, it also include information from every single device that is connected to the internet somewhere in the w...

Belgacom , the largest telecommunications company in Belgium today announced that their IT Systems were hacked and infected with an unknown Malware . In order to eliminate that virus effectively, they clean up the entire system. The company also highlights that they have no indication of any impact on their telecommunication services, customer and employee data. According to the complexity of the malware, it appears to be the work of a state-sponsored entity. Belgacom which handles some of the undersea cables that carry voice and data traffic around the world, so the NSA or Britain's GCHQ could be behind the intrusion. That traffic would be a likely target for an attacker. The attack reportedly affected a few dozen machines on Belgacom's network, including some servers and the intrusion had been active for as long as two years by the time the Belgian company discovered it. Hacked data might help intelligence agencies to gather data on communications coming fr...

The latest release from Edward Snowden shows that the Vodafone, BT, Verizon and some other total seven Private Telecom Companies have been secretly collaborating with the British spy agency, GCHQ and giving unlimited access to the details of phone calls, emails and Facebook entries. Another leak claimed that The US government has paid at least £100m to the UK spy agency GCH Q over the last three years to secure access to and influence over Britain's intelligence gathering programs. One of the PowerPoint presentations, dating 2009, mentions British Telecom, Verizon, Vodafone, Level 3, Global Crossing, Interoute and Viatel, and Sueddeutsche Zeitung calls them key partners of GCHQ. Snowden left the Moscow airport in a taxi, although his intended destination was not clear. The US said it was extremely disappointed by Russia's decision. According to Snowden, when handing over these documents, " It's not just a US problem " and he stated that, in fact, G...