Monday , December 23 2024
Data breach

Malaysian telco provider has data breach : Claimed

According to a report by Surfshark, Malaysia was the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate in Q3 2023 was 144% higher than in Q2 2023, and around four Malaysian user accounts were leaked every minute.

TM suffers data breach again:

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Eight New ICS Advisories released by CISA

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies  Hacker claim ransomware attack on Indonesia’s state bank BRI

London-based company “Builder.ai” reportedly exposed 1.2 TB data

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data

(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall

Sophos has fixed three separate security vulnerabilities in Sophos Firewall.  The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)  Sophos resolved 3 critical vulnerabilities in Firewall

“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability

Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...
Read More
CVE-2023-48788  Kaspersky reveals active exploitation of Fortinet Vulnerability

U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports

The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...
Read More
U.S. Weighs Ban on Chinese-Made Router TP-Link:  WSJ reports

Daily Security Update Dated: 18.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 18.12.2024

Customer data from Telekom Malaysia (TM) has been leaked on the dark web forum. A user revealed that they have stolen the entire customer database of the telco company.

The user says that there are almost 200 million entries in the data, out of which around 20 million are effective user data. The user also shared screenshots of the company’s customer database architecture documentation. The screenshots consist of 161 pages containing information about the structure, design, and functionality of the company’s customer database system.

TM has had data breaches before. In 2023, there was a breach affecting Unifi customers’ personal information. In 2022, 250,248 Unifi Mobile customers were affected by a breach involving customer names, phone numbers, and emails.

It was reported by The Star that TM released a statement stating that it had recently received a ransom note, leading to an immediate and thorough investigation to verify these claims.

It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.

It said it has informed the authorities, filed a police report, and is strengthening its cyber defenses to protect against similar threats.

Data breaches impact all data:

Old data can still be targeted by cybercriminals. They can hack encrypted data to decrypt it later. This shows the importance of data security for businesses.

For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future.

Here are several ways cybercriminals can still use old data:

Identity theft: Old data may have personal information that can be used to steal someone’s identity or access their accounts. A cybercriminal could use an old email and password to log in to a social media account and post harmful content or scam messages.

Fraud: Old data can be used by cybercriminals to make unauthorized transactions or purchases, such as buying goods or services online using an expired credit card number.

Blackmail: Old data may contain sensitive or embarrassing information, which can be exploited by cybercriminals to blackmail the victim for monetary gain or favors. For instance, an outdated photo or video can be used to threaten the victim by exposing it to the public or their contacts.

Phishing: Old data may include contact information that could be used to send fake or harmful emails or messages to the victim or people they know. For instance, a cybercriminal could use an old phone number to send a text pretending to be from a bank or government agency and ask for personal or financial information.

Check Also

Bank of Uganda

Uganda confirms hack of central bank accounts, Refutes $17 Million Claim

Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole …

Leave a Reply

Your email address will not be published. Required fields are marked *