An offshoot of the Winnti APT has been deploying the SideWalk modular backdoor, Threatpost reports. The group, which ESET calls "SparklingGoblin," has been hitting targets in East and Southeast Asia. Winnti has been associated with Chinese intelligence services.
The Wall Street Journal has been talking with the young American expatriate (residing in Turkey) who claims to be responsible for hacking T-Mobile. John Binns, who, the Journal says, seemed to have non-public knowledge about the data breach, says he gained access to T-Mobile's networks through an unprotected router. Mr. Binns said the telco's security was "awful," and that he hacked them "to make noise." He had no comment on whether he was selling the stolen data, or had been paid to compromise T-Mobile.
Microsoft has warned customers about a vulnerability in Azure's Cosmos DB database, Reuters reported early this morning. Researchers at Wiz discovered and disclosed the issue, which involved access to database keys, earlier this month, and Microsoft has now addressed the problem.
Redmond has also issued guidance on addressing ProxyShell vulnerabilities in Exchange Server.
The ransomware gang responsible for Ragnarok says it's shuttering its operations, and has released a decryption key for Ragnarok, according to the Record. The Ragnarok gang had been active since 2019. Whether this represents a genuine twilight of the bad gods or simply indicates a rebranding remains to be seen.
The Intercept says that, although Cellebrite says it exited the Chinese market last year, Chinese police have continued to buy the company's phone-cracking technology.