Among the material seized by the Taliban in Afghanistan are biometric registration and identification devices that had been used by the former government, the Intercept reports. The Handheld Interagency Identity Detection Equipment (HIIDE, for short) was used for such tactical purposes as checkpoint control and also in broader programs, like the preparation of identity documents. The biometric modalities collected by HIIDE include iris scans and fingerprints; the larger centralized databases to which the devices were connected held (and possibly still hold) biographical information on a large number of individuals whose biometrics had been registered by HIIDE.
T-Mobile has determined that in fact customer data were accessed by attackers, presumably those who advertised in a dark web souk that they had information for sale. The data affect just under forty-eight million customers. No paycard or other information appears to have been compromised, T-Mobile says, but what was lost is serious enough. In the worst cases it included "customers’ first and last names, date of birth, SSN, and driver’s license/ID information." The company is in the process of alerting affected individuals.
Volexity yesterday reported that the North Korean APT it tracks as "InkySquid" (also known as APT37 or ScarCruft) has compromised the NK News site, turning it into a watering hole that serves Bluelight malware as its payload. NK News is a legitimate South Korean outlet focused on news about the DPRK.
ZDNet reports that the Brazilian government has disclosed that a ransomware attack hit the National Treasury on Friday, but without causing "structural damage" to trading platforms.