InfoSecBulletin Cybersecurity for mankind
According to a report by Surfshark, Malaysia was the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate in Q3 2023 was 144% higher than in Q2 2023, and around four Malaysian user accounts were leaked every minute.
TM suffers data breach again:
Microsoft’s Alarming Report: 600 Million Cyberattacks perday
CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX
Over 90 Zero-Days, 40+ N-Days Exploited In The Wild
Oracle Security Update, 334 Vulnerabilities Patched
Chrome 130 Launches with Patches for 17 Security Vulnerabilities
Researchers Break RSA Encryption with Quantum Computing
Shadowserver's data
87000+ Fortinet devices still open to attack?
Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack
RansomHub Targets Bangladeshi Confidence Group
Hackers using ChatGPT create malware, OpenAI confirm
Customer data from Telekom Malaysia (TM) has been leaked on the dark web forum. A user revealed that they have stolen the entire customer database of the telco company.
The user says that there are almost 200 million entries in the data, out of which around 20 million are effective user data. The user also shared screenshots of the company’s customer database architecture documentation. The screenshots consist of 161 pages containing information about the structure, design, and functionality of the company’s customer database system.
TM has had data breaches before. In 2023, there was a breach affecting Unifi customers’ personal information. In 2022, 250,248 Unifi Mobile customers were affected by a breach involving customer names, phone numbers, and emails.
It was reported by The Star that TM released a statement stating that it had recently received a ransom note, leading to an immediate and thorough investigation to verify these claims.
It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.
It said it has informed the authorities, filed a police report, and is strengthening its cyber defenses to protect against similar threats.
Data breaches impact all data:
Old data can still be targeted by cybercriminals. They can hack encrypted data to decrypt it later. This shows the importance of data security for businesses.
For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future.
Here are several ways cybercriminals can still use old data:
Identity theft: Old data may have personal information that can be used to steal someone’s identity or access their accounts. A cybercriminal could use an old email and password to log in to a social media account and post harmful content or scam messages.
Fraud: Old data can be used by cybercriminals to make unauthorized transactions or purchases, such as buying goods or services online using an expired credit card number.
Blackmail: Old data may contain sensitive or embarrassing information, which can be exploited by cybercriminals to blackmail the victim for monetary gain or favors. For instance, an outdated photo or video can be used to threaten the victim by exposing it to the public or their contacts.
Phishing: Old data may include contact information that could be used to send fake or harmful emails or messages to the victim or people they know. For instance, a cybercriminal could use an old phone number to send a text pretending to be from a bank or government agency and ask for personal or financial information.
