InfoSecBulletin Cybersecurity for mankind
According to a report by Surfshark, Malaysia was the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate in Q3 2023 was 144% higher than in Q2 2023, and around four Malaysian user accounts were leaked every minute.
TM suffers data breach again:
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
Customer data from Telekom Malaysia (TM) has been leaked on the dark web forum. A user revealed that they have stolen the entire customer database of the telco company.
The user says that there are almost 200 million entries in the data, out of which around 20 million are effective user data. The user also shared screenshots of the company’s customer database architecture documentation. The screenshots consist of 161 pages containing information about the structure, design, and functionality of the company’s customer database system.
TM has had data breaches before. In 2023, there was a breach affecting Unifi customers’ personal information. In 2022, 250,248 Unifi Mobile customers were affected by a breach involving customer names, phone numbers, and emails.
It was reported by The Star that TM released a statement stating that it had recently received a ransom note, leading to an immediate and thorough investigation to verify these claims.
It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.
It said it has informed the authorities, filed a police report, and is strengthening its cyber defenses to protect against similar threats.
Data breaches impact all data:
Old data can still be targeted by cybercriminals. They can hack encrypted data to decrypt it later. This shows the importance of data security for businesses.
For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future.
Here are several ways cybercriminals can still use old data:
Identity theft: Old data may have personal information that can be used to steal someone’s identity or access their accounts. A cybercriminal could use an old email and password to log in to a social media account and post harmful content or scam messages.
Fraud: Old data can be used by cybercriminals to make unauthorized transactions or purchases, such as buying goods or services online using an expired credit card number.
Blackmail: Old data may contain sensitive or embarrassing information, which can be exploited by cybercriminals to blackmail the victim for monetary gain or favors. For instance, an outdated photo or video can be used to threaten the victim by exposing it to the public or their contacts.
Phishing: Old data may include contact information that could be used to send fake or harmful emails or messages to the victim or people they know. For instance, a cybercriminal could use an old phone number to send a text pretending to be from a bank or government agency and ask for personal or financial information.
