T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the...

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of...

PT-2022-26103 · Unknown +8 · Freeradius +7

Name of the Vulnerable Software and Affected Versions: freeradius affected versions not specified Description: The issue occurs when an EAP-SIM supplicant sends an unknown SIM option to the server. The server attempts to look up this option in its internal dictionaries, which fails. However, the...

Google Android Elevation of Privilege Vulnerability (CNVD-2022-28917)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checking in Telephony, which could lead to unauthorized modification of PLMN SIM files. An attacker could exploit...

CVE-2021-39782

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-39782

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Design/Logic Flaw

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-39782

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-39782

The CVE-2021-39782 issue affects Android 12L Telephony, enabling a local elevation of privilege via unauthorized modification of the PLMN SIM file due to a missing permission check. Exploitation is described as local with no user interaction; the Android 12L security release notes indicate mitiga...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checking in Telephony, which could lead to unauthorized modification of PLMN SIM files. An attacker could exploit...

mx.dual-sim.cards Improper Access Control vulnerability OBB-2384878

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2020-10635

Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext...

Roblox Beamers steal items from kids

Roblox gamers are once again being warned to be on their guard against scammers plundering valuable digital items. Most multiplayer titles are all about customization. You won’t find many popular games where digital items aren’t up for grabs. Some games lock the items, such as outfits, weapons, o...

Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts

Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring...

Sharp SIM-Swapping Spike Causes $68M in Losses

SIM-swapping – the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone – is on the rise, the Feds are warning – leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over. Subscriber...

CVE-2021-39659

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed f...

Huawei HarmonyOS SIM dual card management component sensitive information disclosure vulnerability

Huawei HarmonyOS is an operating system from Huawei of China. It provides a microkernel-based, fully distributed operating system. The Huawei HarmonyOS SIM dual card management component is vulnerable to sensitive information disclosure. An attacker could exploit the vulnerability to compromise...

ASB-A-183612370

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed...

T-Mobile’s latest data breach exposed users to SIM swapping attacks

By Waqas T-Mobile is the only telecom giant to suffer at least three known data breaches in 2021. This is a post from HackRead.com Read the original post: T-Mobiles latest data breach exposed users to SIM swapping attacks...

The vulnerability of the SIMalliance Toolbox browser on Samsung devices allows a perpetrator to disclose protected information, extract location and IMEI information, or execute certain commands.

The vulnerability of the SIMalliance Toolbox browser on Samsung devices is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to disclose protected information, extract location and IMEI details, or execute certain commands using the SIM Toolkit S...