Facebook and Microsoft, followed by some thirty digital companies, have signed the Cybersecurity Tech Accord, initiated by the Digital Geneva Convention, which sets out the main principles to be respected regarding cyber-aggression, including government cyberattacks.
The US Department of Homeland Security, the FBI and the UK National Cyber Security Centre have issued a first-ever joint statement warning businesses and residents of both countries that a large-scale cyberattack could be imminent. Government-backed Russian hackers are reportedly using compromised routers and other network infrastructure to conduct espionage and potentially lay the groundwork for future offensive cyber operations, UK and US authorities have warned. Nearly 400 Australian companies may already have been targeted by this Russian cyberattack, which is said to have affected millions of machines worldwide.
Other news in brief:
- The ransomware attack on the City of Atlanta reportedly cost it at least 2.7 million dollars;
- Norway and Switzerland became new official members at the J-CAT (Joint Cybercrime Action Taskforce) Board meeting on 18 April;
- German financial giant Deutsche Bank blundered by mistakenly transferring 28 billion euros to one of its clients.
And here are the interesting news items selected for this watch report:
-
Facebook refused two-thirds of the Swiss authorities' requests
“Since 2013, the Swiss authorities have sent 361 data requests to Facebook, most of them concerning suspicions of terrorism. The social network refused to help in 253 cases, or two-thirds, according to the SonntagsZeitung.”
-
Ikea app TaskRabbit reveals security breach
“Ikea’s odd jobs marketplace TaskRabbit is investigating a “cyber-security incident”, the company has announced. The app and website let people find freelance workers to complete household tasks such as cleaning, gardening or assembling flat-pack furniture.”
-
Microsoft delays major Windows 10 update over Blue Screen of Death issues
“Microsoft was planning to launch its next major Windows 10 update, codenamed Redstone 4, last week. The software giant had targeted April 10th as an internal target to release the update, but a last-minute “blocking bug” delayed the release. In an unusual change, Microsoft has now issued a new build instead of fixing the bug with a cumulative update via Windows Update”
-
Russian hacking: Up to 400 Australian companies caught up in cyber attacks blamed on Moscow
“Up to 400 Australian businesses may have been targeted by suspected Russian state-sponsored cyber attacks that have affected millions of machines worldwide, the Defence Minister Marise Payne has revealed.”
-
Massive Ransomware attack cost City of Atlanta $2.7 million
“According to Channel 2 Action News that investigated the incident, the ransomware attack on the City of Atlanta cost it at least $2.7 million.”
-
CCleaner: how hackers managed to infect 2 million users
“The hackers used TeamViewer, a remote maintenance tool, to gain a foothold in the network of the publisher Piriform. They stayed hidden for months before infecting the CCleaner updates.”
-
These researchers exfiltrate data from a PC… through its power outlet
“A technique dubbed PowerHammer makes it possible to modulate the current on the electrical network by varying the computational load on the CPU cores. One then only needs to tap into the power cable to retrieve the data.”
-
“Norway and Switzerland became new official members during the 18th April Board meeting of the J-CAT, the chairmanship of which was handed over to the Netherlands for the upcoming year”
-
Facial recognition cameras on lamp posts to be tested in Singapore – Naked Security
“Singapore last year announced that it wants to convert every single lamp post in the country – there are about 110,000 in the island state – into an interconnected network of wireless sensors. Now, it looks like the plan is to put surveillance cameras equipped with facial recognition on top of those posts, where they can pick out faces and identify pedestrians, bicyclists, motorcyclists or motorists as they pass by, Reuters reports.”
-
“Government-backed Russian hackers are using compromised routers and other network infrastructure to conduct espionage and potentially lay the groundwork for future offensive cyber operations, UK and US authorities have warned.”
-
Google cuts fake ad blockers from Chrome Store: Were you among 20 million fooled?
“A researcher has uncovered five malicious ad-blocker extensions on the Chrome Web Store that were installed by 20 million Chrome users before Google removed them.”
-
NHS website defaced by hackers
“An NHS website hosting data from patient surveys that was defaced by hackers has been fixed. The site, insights.london.nhs.uk, was given a black background, eerie music and a message in white text that read: “Hacked by AnoaGhost.””
-
LinkedIn Fixes User Data Leak Bug
“LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members’ personal data.”
-
Germany’s Deutsche Bank transfers €28 billion to an account by mistake
“German banking financial giant Deutsche Bank has made a blunder by mistakenly transferring a whopping €28 billion ($34 billion) to one of its clients.”
-
British teen who hacked CIA chief gets two years in prison
“Kane Gamble, the founding member of Crackas with Attitude (CWA) hacking group has been sentenced to two years in prison for hacking high-profile government officials and systems in the United States.”
-
48 Million Incredibly Detailed Cambridge Analytica-style Profiles Leaked Online
“In February, security researchers with UpGuard discovered yet another improperly-configured Amazon S3 cloud storage account. That account was leaving a huge amount of data exposed to anyone who happened to come poking around. A whopping 1.2 terabytes of data.”
-
SunTrust says ex-worker may have stolen data on 1.5M clients – NY Daily News
“SunTrust Banks Inc. says accounts for 1.5 million clients could be compromised following a potential case of data theft. The Atlanta bank said Friday that a former employee may have stolen the data and an investigation is ongoing. Compromised information could include names, addresses, phone numbers and account balances.”
-
34 companies, including Microsoft and Facebook, mobilise on cybersecurity
“Facebook and Microsoft, followed by some thirty digital companies, have decided to work hand in hand to fight cybercrime. Several IT giants have just signed the Cybersecurity Tech Accord, which contains all the main principles to be respected regarding cyber-aggression, including government cyberattacks”
-
US & UK issue security warning and tech giants join forces
“On Monday, the US Department of Homeland Security, the FBI, and the UK National Cyber Security Center issued a first-ever joint statement warning businesses and residents of both nations that a wide-scale cyberattack could be imminent.”