TLDR:
- Data of 73 million AT&T customers leaked on dark web
- Accidental Linux backdoor discovery likely prevented thousands of infections
In a recent cybersecurity news update, it was reported that data from approximately 73 million current and former AT&T customers was exposed on the dark web, including sensitive personal information such as social security numbers. This breach, which dates back to 2019 or earlier, was disclosed by AT&T over the Easter holiday weekend. Meanwhile, a critical backdoor vulnerability was discovered in Linux distributions Fedora 41 and Fedora Rawhide, posing a severe security risk to users. The vulnerability, discovered by developer Andres Freund, was introduced surreptitiously by an unknown entity using the alias “Jia Tan.”
Additionally, the Department of Homeland Security (DHS) is expected to discontinue purchasing commercially available device data that has been used for various surveillance purposes since 2018. This decision comes in response to recommendations for stricter privacy controls from the DHS inspector general. On the malware front, a new version of the Vultur banking trojan, posing as a McAfee Security app, is targeting Android users through smishing and vishing attacks, demonstrating advanced remote control capabilities over infected devices.
Furthermore, users of the service Phantom Overlay, which provides cheats for popular games like Call of Duty and Counter-Strike, have been targeted in a large-scale infostealer campaign that compromised several million gamers’ credentials. Activision Blizzard has advised affected players to change their passwords and enable two-factor authentication to secure their accounts. Meanwhile, macOS users have been targeted with ads spreading stealer malware capable of harvesting sensitive information from their devices.
Rounding out the report, security researchers have identified a Linux variant of the DinodasRAT backdoor targeting servers in China, Taiwan, Turkey, and Uzbekistan. This variant, designed for espionage purposes, enables attackers to monitor, control, and exfiltrate data from compromised systems. Finally, the cybersecurity community mourns the loss of Ross Anderson, a renowned professor known for his contributions to computing and privacy advocacy.