21 matches found
MAL-2024-1176 Malicious code in optus-sport-ctv (npm)
Source: ossf-package-analysis 7e77d4e5b4d39f3120c7742b9d7a7e79b69f2d5a5ed122b1f57add9d3564a752. The OpenSSF Package Analysis project identified 'optus-sport-ctv' @ 99.3.0 (npm) as malicious. It is considered malicious because: - The package...
Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach
A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked...
CVE-2022-36222
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o. This account can be used locally to access the web admin interface...
Hardcoded credentials
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o. This account can be used locally to access the web admin interface...
CVE-2022-36222
CVE-2022-36222 affects Nokia Fastmile 3tg00118abad52 devices shipped by Optus. It uses default hardcoded admin credentials (admin:Nq+L5st7o) that can be used locally to access the web admin interface. The CVSS v3.1 base score is 8.4 (HIGH); attack vector LOCAL, no privileges required, no user i...
Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevan...
19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam
The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipient...
Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security...
Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers
Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. The company also said it has engaged the servic...
Optus data breach "attacker" says sorry, it was a mistake
Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue: A hacker acting under the pseudonym "optusdata" claims to have stolen the data of 10 million Optus customers. The information include...
Optus Hacker Apologizes to Australians Over Data Breach
By Waqas. The hacker has also decided not to sell the stolen Optus customers' data to anyone. This is a post from HackRead.com. Read the original post: Optus Hacker Apologizes to Australians Over Data Breach...
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged...
Data of millions of users exposed in Australia’s 2nd-largest telecom firm breach
By Deeba Ahmed. Optus has denied any inside job or human error as the cause of the hack. This is a post from HackRead.com. Read the original post: Data of millions of users exposed in Australia's 2nd-largest telecom firm breach...
optus.com.au Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1167743. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Netgear CG3000v2 Password Change Bypass
I noticed a security issue in my Netgear CG3000v2 cable modem, as provided by Optus, an Australian phone/communications provider. The "admin password" can be changed on the web interface, without providing the current password. The page http://192.168.0.1/SetPassword.asp prompts for old and new...
XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
Synopsis: Huawei E960 HSDPA Router firmware version 246.11.04.11.110sp04 is vulnerable to XSS attack using SMS. One of the features of this router is the ability to send and receive SMS through its web interface. The SMS text is...