Plus, Shutterfly is hit by ransomware, and the world is surprised by “Y2K22”
“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” a T-Mobile spokesperson told BleepingComputer last week in response to questions about a new T-Mobile data breach. “This issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf,” the spokesperson added. SIM swapping, also known as SIM hijacking, occurs when a bad actor convinces a carrier’s employee, either through social engineering or outright bribery, to reassign SIM cards. The bad actor then gains control of the user’s account, including all saved passwords. T-Mobile provides guidance on the issue in its account takeover support page.
Ransomware attack staggers Shutterfly
Photo company Shutterfly issued a statement that parts of its network had been interrupted by a ransomware attack. “We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident,” the company reported, noting that no customer financial information was stored in the affected parts of the network and that Shutterfly doesn’t store customer financial data anywhere. A source told BleepingComputer, however, that a screenshot of the stolen data shows the last four digits of customers’ credit cards. The notorious Conti ransomware gang is behind the attack, a “double extortion” scheme in which files are both encrypted and stolen: if the victim doesn’t pay the ransom, the gang threatens to leak the stolen data. For more on this story, see CyberScoop.
Purple Fox malware spread by phony Telegram installer
Researchers have found that malware posing as an installer for the messaging app Telegram is spreading the Purple Fox backdoor, which gives bad actors a way into a system and control over it. First discovered in 2018, Purple Fox is a stealthy malware with rootkit capabilities that let it hide beyond the reach of security software. These Purple Fox infections added an extra layer of evasion: the attack was split into a series of small file executions, each too minor to draw attention, that ultimately added up to a full infection. For more, see The Hacker News.
Patch released for “Y2K22” bug that disrupted email worldwide
Microsoft has provided a fix for the bug in Microsoft Exchange Server 2016 and 2019 that shut down on-premises mail delivery when the company released version 2201010001 on New Year’s Eve. The bug made it impossible to interpret 2022 as a valid date. As a result, on-premises servers all over the world crashed just as 2021 rolled over into 2022. The next day, Microsoft released a patch that can be applied manually or automatically. The fix must be performed on every on-premises Exchange Server 2016 or 2019 in an affected organization. For more, see Ars Technica.
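The failure mode behind the “Y2K22” story is worth seeing in code. The example below is added here and is not Avast’s or Microsoft’s code; it assumes the widely reported root cause, which the page does not spell out: the version number is date-encoded (YYMMDDNNNN, so 2201010001 is January 1, 2022, build 1) and was stored in a signed 32-bit integer whose maximum is 2147483647. The functions `check_version`, `version_date_valid` and `naive_int32_store` are hypothetical names chosen for the illustration; the version strings are constructed sample inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of validating a date-encoded version string (YYMMDDNNNN). */
typedef enum {
    VERSION_OK = 0,             /* fits in a signed 32-bit field */
    VERSION_MALFORMED = 1,      /* not exactly ten decimal digits */
    VERSION_OVERFLOWS_INT32 = 2 /* would wrap if stored as int32_t */
} version_status;

/* Parse a ten-digit version into a 64-bit value so nothing is narrowed yet. */
static int parse_version(const char *s, int64_t *out) {
    if (s == NULL || strlen(s) != 10) return 0;
    int64_t v = 0;
    for (const char *p = s; *p != '\0'; ++p) {
        if (*p < '0' || *p > '9') return 0;
        v = v * 10 + (*p - '0');
    }
    *out = v;
    return 1;
}

/* Is the calendar part of the version (YYMMDD) a plausible date? */
int version_date_valid(int64_t v) {
    int yymmdd = (int)(v / 10000);      /* strip the NNNN build counter */
    int mm = (yymmdd / 100) % 100;
    int dd = yymmdd % 100;
    return mm >= 1 && mm <= 12 && dd >= 1 && dd <= 31;
}

/* The check a defender wants: reject a version before it reaches an int32. */
version_status check_version(const char *s) {
    int64_t v;
    if (!parse_version(s, &v)) return VERSION_MALFORMED;
    if (v > INT32_MAX) return VERSION_OVERFLOWS_INT32;
    return VERSION_OK;
}

/* What an unchecked store into a 32-bit field actually yields: the value wraps
 * to a negative number (two's-complement behaviour on every mainstream target),
 * which is the precondition for the version comparison going wrong. */
int32_t naive_int32_store(const char *s) {
    int64_t v;
    if (!parse_version(s, &v)) return -1;
    return (int32_t)v;
}

int main(void) {
    /* Constructed sample versions: last day of 2021 and first day of 2022. */
    const char *samples[] = { "2112310001", "2201010001" };
    for (size_t i = 0; i < 2; ++i) {
        int64_t v = 0;
        parse_version(samples[i], &v);
        printf("%s: date %s, status %d, as int32 -> %d\n",
               samples[i],
               version_date_valid(v) ? "valid" : "invalid",
               (int)check_version(samples[i]),
               (int)naive_int32_store(samples[i]));
    }
    return 0;
}
```

The point the two sample values make: January 1, 2022 is a perfectly valid date, so date validation passes, yet the encoded number crosses 2147483647 and wraps negative when narrowed. The defensive check is on the storage width, not the calendar, and it belongs before the narrowing conversion rather than after it.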
FTC warns U.S. companies to protect against Log4j attacks
In a blog post, the U.S. Federal Trade Commission (FTC) reminded companies that it is their legal duty to take reasonable steps to mitigate software vulnerabilities that could affect their clients’ data, such as the ongoing Log4j attacks. Log4j is a logging tool that records transactions and customer activity. Recently, a serious vulnerability was discovered in the software, and attackers have been exploiting it with increasing frequency. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j,” the FTC wrote, adding guidance and tips for any company that uses Log4j software.
This week’s ‘must-read’ on The Avast Blog