An Empirical Study of Wireless Carrier Authentication for SIM Swaps
www.issms2fasecure.com/ We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap. We found that all five carriers use insecure authentication challenges that can easily be subverted by attackers. We found 17 websites on which user accounts can be compromised based on a SIM swap alone.
Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers
www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.
Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/ Late last night, multiple groups released working exploits for the Citrix ADC path traversal flaw. First, “Project Zero India” released a simple exploit essentially consisting of two curl commands . The first one will write a template file that includes a shell command of the user’s choosing. The second curl request will download the result of the command execution. The exploit worked for me, but