Docker Hub hacked and the engines of thousands of cars at the mercy of hackers #veille (28 April 2019)

It has been a long time since cybersecurity news was this varied. As usual, there is a share of lost or stolen data. This is the case for 190,000 Docker Hub users, who received a request to reset their password. Databases also leaked partially private information about 60 million LinkedIn users.


As for cyberattacks, the notable item is the announcement by a hacker who claims to have broken into accounts belonging to users of GPS tracking applications, which allowed him to monitor the location of tens of thousands of vehicles and even to shut off the engine of some of them while they were moving. Ransomware and DNS hijacking are also back in the news this week.

In Europe, the Parliament voted on 16 April in Strasbourg in favour of setting up a Common Identity Repository (CIR). This database will hold biometric information at European scale and will provide better security in terms of migration and border management, and thus also help to better fight terrorism.

And here are all the interesting news items selected this week:

Data theft / loss

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users. Approximately two weeks ago, I was contacted by security researcher Sanyam Jain of the GDI foundation about something strange that he was seeing.

Docker Hub security breach exposes credentials of 190,000 users

Some bad news arrived late on Friday in the inboxes of users of Docker, the container platform beloved by developers: On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data.

Empowering App Development for Developers | Docker

Learn how Docker helps developers bring their ideas to life by conquering the complexity of app development.

Ride-hailing app leaks personal data of millions of Iranians

Another day, another data breach – This time, security researchers have identified a ride-hailing app exposing personal data of 1 to 2 million Iranian drivers, thanks to an insecure MongoDB database. The database (named ‘doroshke-invoice-production’) was discovered by Security Discovery’s researcher Bob Diachenko on April 18th and was available to the public for downloading without any authentication.

Bodybuilders beware! One of the world’s largest online fitness stores hit by security breach

Fitness fanatics are being advised to change their passwords after one of the world’s largest and most popular online fitness stores admitted that it had suffered a security breach that might have exposed customer data.

Cyberattacks / fraud

Hackers hijacked the DNS of several countries

The group, dubbed "Sea Turtle", compromised Internet registries to take control of several national domain name extensions. This allowed them to impersonate any site in those countries.

Amnesty International says ‘state sponsored’ hackers targeted Hong Kong base | ZDNet

Amnesty International’s Hong Kong office has been hit with a cyberattack that the group says is the work of a state-sponsored team whose tactics are consistent with those supported by the Chinese government.

Man fried over 50 college computers with weaponized USB stick

It’s not as though 27-year-old Vishwanath Akuthota made it hard for authorities to prove that he was the person who destroyed $58,000 worth of college equipment in February this year. On Valentine’s Day, February 14th 2019, Akuthota walked around the campus of the College of Saint Rose in Albany, New York.

The Weather Channel goes offline after ransomware attack

Another day, another ransomware attack; this time The Weather Channel suffered a powerful ransomware attack forcing its live TV telecast to go offline for 90 minutes. The ransomware attack took place on April 18th at around 6:00 am, local time, when the channel was telecasting its live morning show "AMHQ."

Hackers using Google Sites to spread banking malware

Dubbed LoadPCBanker by researchers; the malware is actually an executable that is hidden inside a PDF file titled "PDF Reservations Details MANOEL CARVALHO hospedagem familiar detalhes PDF.exe." The name shows that hackers are specifically targeting English and Portuguese speakers (in Brazil).

Over 500% Increase in Ransomware Attacks Against Businesses

Cybercriminals have started focusing their efforts on businesses during Q1 2019, with consumer threat detections decreasing by roughly 24% year over year while businesses have seen a 235% increase in the number of cyber attacks against their computing systems. For consumers, the number of detections for Trojans and RiskwareTool malware families has kept going down since Q1 2018 and backdoors, spyware, and MachineLearning/Anomalous malware have seen increases of 85%, 95%, and 221% respectively.

Hacker could locate thousands of cars and kill their engines remotely via poorly-secured GPS tracking apps

Over a relatively short period of time, computers changed from something you kept on your desk, to something you carried in your pocket, to something you sat inside as you drove to work.

Someone is spoofing big bank IP addresses – possibly to embarrass security vendors – CyberScoop

The last several days have seen a surge in internet traffic mimicking the IP addresses of big U.S. banks in a possible effort to disrupt the cybersecurity personnel and products that help protect organizations from malicious traffic, according to GreyNoise Intelligence, a company that maps internet traffic.

Flaws / vulnerabilities

Regulatory / legal

Europe to develop one of the largest biometric databases

New measures will be taken within the EU to allow information systems for security, migration and border management to work together to fight terrorism.

Teen Sues Apple for $1 Billion, Saying Facial Recognition Mistook Him for a Thief

An 18-year-old student from New York is suing Apple for $1 billion, claiming he was wrongfully accused of stealing gadgets from a number of Apple stores in Boston, Manhattan, New Jersey and Delaware last year, writes The New York Post [https://nypost.


Microsoft drops password expiration from Windows 10 security

What is it about a secure password that makes us think it’s secure? Traditionally, for businesses it’s been things like complexity, minimum length, avoiding known bad passwords, and how often passwords are changed to counter the possibility of undetected compromise. And yet, recently, the last of those orthodoxies – password expiration – has started to crumble.

CARBANAK Week Part One: A Rare Occurrence

It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this post.

How Swisscom wants to counter the dominance of WhatsApp

Swisscom plans to introduce this year a messaging service based on the RCS standard, which is set to replace SMS. Enabling group chats and video calls among other things, this standard is the operators' new weapon against WhatsApp's dominance.

News watcher and cybersecurity specialist
