T-Mobile App Glitch Exposes Customer Data ๐Ÿšจ

Sep 22 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s got that Friday feeling ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!!!

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉน

Check out these freshly hatched patches!! ๐Ÿฃ๐Ÿฃ๐Ÿฃ

๐Ÿ”’ Trend Micro's Critical Security Update ๐Ÿ”’

Trend Micro has released vital patches for a high-risk security flaw (CVE-2023-41179) actively exploited by attackers in Apex One and Worry-Free Business Security solutions for Windows. Ensure prompt updates to stay secure. Limit console access to trusted networks as a temporary fix. ๐ŸŒ

๐Ÿ›ก๏ธ CISA Adds Nine Flaws to KEV Catalog ๐Ÿ›ก๏ธ

CISA adds nine actively exploited vulnerabilities to its KEV catalogue, affecting Realtek SDK, Zyxel EMG2926 Routers, Laravel Ignition, Samsung Mobile Devices, Owl Labs Meeting Owl, and MinIO. GitLab has patched a critical vulnerability (CVE-2023-5009) โ€“ update now! Stay vigilant in the digital world! ๐Ÿ’ป๐Ÿ”

๐Ÿฉน Apple Rushes to Patch 3 Zero Day Flaws ๐Ÿฉน

Apple has released security updates to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari. The vulnerabilities could allow attackers to bypass signature validation, elevate their privileges, or execute arbitrary code.

The updates are available for the following devices and operating systems:

  • iOS 16.7 and iPadOS 16.7

  • iOS 17.0.1 and iPadOS 17.0.1

  • macOS Monterey 12.7 and macOS Ventura 13.6

  • watchOS 9.6.3 and watchOS 10.0.1

  • Safari 16.6.1

Apple recommends that all users install the updates as soon as possible. ๐Ÿ“ฑ๐Ÿ’ป

Now, on to todayโ€™s hottest cybersecurity stories:

  • ๐Ÿ“ฑ T-Mobile app glitch let users see other people's account info ๐Ÿ‘€

  • ๐Ÿ’ต Another $40m paid out to Western Union fraud victims ๐Ÿ˜”

  • ๐ŸŒŽ Australia to build six 'cyber shields' to defend its shores ๐ŸŒŠ

T-MALbile ๐Ÿ™ˆ

๐Ÿšจ T-Mobile App Glitch Exposes Customer Data ๐Ÿšจ

T-Mobile customers recently faced a concerning issue as they could access other people's account and billing details via the company's mobile app. The exposed info included names, phone numbers, addresses, account balances, and partial credit card data. Some users reported seeing multiple people's sensitive data.

Despite user reports on social media, T-Mobile clarified that this wasn't a cyberattack or breach. It resulted from a temporary system glitch during a planned update, affecting fewer than 100 customers. The issue has been resolved.

This isn't T-Mobile's first data security incident. In May, they disclosed their second data breach in 2023, following previous breaches since 2018. It's essential to stay vigilant and take precautions with your data.

๐Ÿ’ก Data Breach History ๐Ÿ’ก

T-Mobile has faced multiple data breaches since 2018, affecting various aspects of customer information. They are actively working to enhance security measures to prevent future incidents.

Stay informed about data security! ๐Ÿ›ก๏ธ

I came across ZZZ money club during the crypto market bull run when everyoneโ€™s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

All quiet on the Western Union ๐Ÿ’ฐ

๐Ÿ’ฐ Western Union Returns Millions to Fraud Victims ๐Ÿ’ฐ

Great news for victims of fraud via Western Union! The financial giant is distributing an additional $40 million to reimburse 25,000 victims worldwide, marking the start of the second phase of the Western Union Remission. This follows a prior payout of $365 million to 148,000 victims. ๐Ÿ’ธ๐Ÿ’ณ

These funds were forfeited by Western Union as part of a 2017 agreement, where they admitted to aiding wire fraud and violating the Bank Secrecy Act. They pledged to forfeit $586 million in total to compensate victims targeted in various scams, including sweepstakes, grandparent, and romance scams. ๐Ÿšซ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’”

The Department of Justice (DoJ) has be//en accepting petitions for remission from fraud victims. This distribution underscores their commitment to justice and holding those responsible accountable. More distributions are expected in the near future. ๐Ÿคโš–๏ธ

If you've been a victim of fraud via Western Union, you may still have a chance to get your money back. Don't miss out! ๐ŸŒŸ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

๐Ÿ’Šย HealthHack:ย Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.

โ‚ฟ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

๐Ÿง ย Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think.

Throw another six on the barbie ๐Ÿ˜‚

Gif on Giphy

๐Ÿ›ก๏ธ Australia's Six Cyber Shields ๐Ÿ›ก๏ธ

Australia is fortifying its cybersecurity with a national strategy, announced by Home Affairs Minister Clare O'Neill. The strategy outlines six "cyber shields" to safeguard the nation:

  • Education: Empowering businesses and citizens with knowledge about online threats, defence, and post-incident support. ๐Ÿ“š๐Ÿ‘ฉโ€๐Ÿ’ผย 

  • Safe Technology: Establishing global safety standards for digital products, ensuring everything sold in Australia is safe to use. ๐ŸŒ๐Ÿ›ก๏ธ

  • Threat Sharing & Blocking: Enabling real-time exchange of threat intelligence between government and businesses to preemptively block threats. ๐Ÿค๐Ÿšซ

  • Critical Infrastructure Protection: Strengthening digital defences for vital government assets. ๐Ÿข๐Ÿ’ป

  • Sovereign Infosec Capability: Cultivating a thriving cyber ecosystem with skilled professionals. ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ”ฌ

  • Coordinated Global Action: Building regional resilience through partnerships and engagement, assisting neighbouring countries with their security. ๐Ÿค๐ŸŒ

By 2030, Australia aims to lead in all things cyber through these measures. ๐Ÿš€๐Ÿ‡ฆ๐Ÿ‡บ

๐Ÿ‘ฉโ€๐Ÿ’ผ Director's Duty in Cybersecurity ๐Ÿ‘จโ€๐Ÿ’ผ

Joe Longo, Chair of ASIC, has issued a stern warning to Australian boards about cybersecurity. Directors are urged to take cyber risks seriously, integrate them into risk management, and enhance resilience. Neglecting these responsibilities could lead to legal consequences, including civil and criminal penalties. ๐Ÿšซโš–๏ธ

Directors should not rely on a "vaccination theory of cyber security" but actively manage supply chain and vendor risk. They must also develop crisis plans for communication and recovery, involving third-party suppliers. ๐Ÿ“๐Ÿ”

Remember, protecting critical information is paramount, especially when third parties are involved. Prioritise what matters most and fortify your cyber defences! ๐Ÿ”’๐ŸŒ

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles