Cyber Weekly Digest - Week #34



In this week’s Digest, find out about millions of US T-Mobile customers affected by their latest breach and why the US Census Bureau was criticised for a breach in January 2020. Keep reading to stay up to date with all the latest and biggest cyber security stories from across the globe.


1. 40 million T-Mobile customers hit by US data breach

On Monday, a threat actor claimed to be selling personal data for 100 million T-Mobile customers after they breached database servers operated by the mobile network.

T-Mobile has confirmed that attackers breached its servers this week and stole files containing the personal information of tens of millions of individuals. The massive breach affects around 7.8 million T-Mobile postpaid customers, 850,000 prepaid users, and approximately 40 million former or prospective customers. Attackers could use customer information stolen in this attack for SIM swapping attacks, allowing them to take over other online accounts belonging to the victims. This is the sixth major data breach suffered by T-Mobile during the last four years.

2. US Census Bureau criticised over a January 2020 breach that used a Citrix exploit.

A recent report revealed that US Census Bureau servers were breached in January 2020 by attackers who exploited a Citrix ADC zero-day flaw. According to the report by the US Office of Inspector General, the Bureau had failed to mitigate the critical vulnerability exploited in the attack, leaving its servers vulnerable. After its servers were compromised, the Bureau was unable to discover and report the attack on time and had not maintained sufficient system logs, hindering the incident investigation.

3. An unpatched Fortinet vulnerability could allow firewall takeovers.

Researchers have disclosed an unpatched OS command-injection security vulnerability in Fortinet’s web application firewall platform, known as FortiWeb. The vulnerability could allow privilege escalation and full device takeover. The vulnerability exists in FortiWeb’s management interface and carries a CVSS score of 8.7 out of 10, making it high-severity. As a result, Fortinet has sped up plans to release a fix for the problem with FortiWeb 6.4.1, which was initially planned for the end of August.

4. Nearly a million IoT devices are impacted by multiple flaws in Realtek’s WiFi SDKs.

Realtek, the Taiwanese chip designer, has warned of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi module. The flaws could be exploited by attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. Two of the vulnerabilities have a CVSS score of 8.1, whilst the other two have a score of 9.8. Researchers have estimated that the total number of affected devices could reach a million.


5. Japanese insurer Tokio Marine discloses a ransomware attack.

Tokio Marine Holdings, a multinational insurance holding company in Japan, announced that its Singapore branch suffered a ransomware attack this week. It is unclear how or when the attack unfolded and what damage it caused, although Tokio Marine isolated the network immediately after detecting it and informed the local government agencies. The parent company confirmed that there is no indication of a breach of any customer information or confidential information of the Group. This year, more insurers are being targeted by ransomware attacks, with CNA and AXA targeted in the first half of this year.