T-Mobile Hacked. Hacktivism strikes again

The year 2012 has started in the worst possible way for cyber security: we have already seen several successful attacks against military organizations and private companies. After the sensational Zappos data breach and the cyber escalation of which Israel is a victim, T-Mobile has now suffered an attack as well.
There is little evidence of the hack on the internet apart from a list of credentials published in recent days on Pastebin. Pastebin is now the site hackers use as a showcase to advertise their exploits to the world, a phenomenon that is growing rapidly.

The attack is yet another protest, this time by a hacktivist group called TeaMp0isoN, which breached the official website of T-Mobile, one of the largest wireless communications providers in the world, and leaked sensitive information about its staff.

The group accuses the company of supporting government monitoring activities and the application of the “Patriot Act law.”
The hackers have declared:

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”

The attack used SQL injection: a vulnerability in the t-mobile.com and newsroom.t-mobile.com websites was exploited, exposing personal data of company staff (e.g. names, email addresses, phone numbers and passwords of the administrators and staff members).

The hackers also mocked the site administrators, denouncing their use of weak credentials.

TeaMp0isoN is a well-known group, famous for other operations such as “Op Robin Hood” and “Op Free Palestine” and for the breach of United Nations servers that occurred in November.

The technique is always the same: ridicule the opponents to show their inability, and in doing so express disagreement with the decisions and policies pursued by companies and government organizations.

Pierluigi Paganini

References

http://pastebin.com/HhaPZ1BE

T-Mobile Hacked by TeaMp0isoN, Administrators and Staff Exposed (Exclusive)

2012-01-17 – Update

According to T-Mobile, the problem was limited to the T-Mobile USA newsroom. This claim seems plausible, with spot testing by The H’s associates at heise Security finding that the published credentials did indeed belong to newsroom staff. This would limit the scale of any problems arising as a result – the intruders may be able to publish fake press releases. Based on the information provided, private customer data was never at risk. Most of the passwords consist of a simple six-digit number composed of two numbers repeated such as “112112”. T-Mobile USA says that it has now fixed the vulnerabilities.

http://www.h-online.com/security/news/item/T-Mobile-USA-hacked-1414307.html
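
The update notes that most of the leaked passwords were six-digit numbers built from a repeated block, such as “112112”. The following is an added example, not part of the original article: a password acceptance check that catches this pattern and computes how small the resulting search space is. The function names and both thresholds are assumptions chosen for illustration.

```python
from __future__ import annotations
import re


def smallest_repeating_block(s: str) -> str:
    """Return the shortest block that rebuilds s when repeated (s itself if none)."""
    n = len(s)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and s[:size] * (n // size) == s:
            return s[:size]
    return s


def effective_keyspace(password: str) -> int:
    """Number of passwords sharing this one's shape.

    Shape = the character classes present and the length of the repeating
    block. A repeated block only contributes its own length, not the full
    password length.
    """
    alphabet = 0
    if re.search(r"[0-9]", password):
        alphabet += 10
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[^0-9a-zA-Z]", password):
        alphabet += 33  # printable ASCII symbols, including space
    return alphabet ** len(smallest_repeating_block(password))


def check_password(password: str, min_length: int = 12,
                   min_keyspace: int = 10 ** 14) -> list[str]:
    """Return the reasons to reject a password (empty list = accepted).

    min_length and min_keyspace are illustrative thresholds, not a standard.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.isdigit():
        problems.append("digits only")
    block = smallest_repeating_block(password)
    if block != password:
        problems.append(f"repeats a {len(block)}-character block")
    if effective_keyspace(password) < min_keyspace:
        problems.append("search space too small")
    return problems
```

For “112112” the repeating block is “112”, so the search space is 10^3 = 1,000 candidates rather than the 10^6 that six independent digits would give.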