Equifax used admin-admin to protect its sensitive data, and BlackHat got hacked #veille (27 Oct 2019)


Here is this week's watch report, rounding up the most interesting news. Some of these stories will be covered in more depth in upcoming articles. Happy reading and have a great week!



Data theft / loss

Major Carding Forum BriansClub Suffers Data Breach

One of the web’s largest marketplaces for stolen card data has been hacked, leading to the theft the second time over of more than 26 million cards. A source shared the news with security researcher Brian Krebs, whose name and likeness have been used for years by the administrators of the online BriansClub store.

7.5 Million Records of Adobe Creative Cloud User Data Exposed

Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed.

Travel database exposed PII on US government employees

A property management company owned by hotel chain Best Western has exposed 179 GB of sensitive travel information on thousands of travelers, researchers said this week. The breach, which exposed the users of many other travel services, also reportedly put sensitive US government employees at risk.

Japanese hotel chain sorry that hackers may have watched guests through bedside robots

Japanese hotel chain HIS Group has apologised for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices. The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room.

Montana hospital leaks 129,000 patient records in sophisticated…

A healthcare provider in Kalispell, Montana has suffered an embarrassing data breach resulting in the leak of 129,000 health records, exposing patients to identity theft and fraud. Kalispell Regional Healthcare learned of the breach in June, but an investigation… #fraud #hospital #montana

Recruitment Sites Expose Personal Data of 250K Jobseekers

The personal details of 250,000 American and British jobs seekers have been exposed after two online recruitment companies failed to set their cloud storage folders as private. Names, addresses, contact information, and career histories were compromised as a result of the oversight by US jobs board Authentic Jobs and UK retail and restaurant jobs app Sonic Jobs.

Apple Admit to Sharing iOS 13 Safari Browsing History With Chinese Firm Tencent Holdings

Apple generally holds a boastful stance with regard to user privacy. However, some recent reports have made some dangerous revelations that may hurt the firm’s image as well as users’ trust. Apple shares part of users’ browsing history with the Chinese firm Tencent Holdings. This activity primarily affects users of iOS 13 and the Safari browser…

Cyber-attacks / fraud

Czech authorities dismantle alleged Russian cyber-espionage network | ZDNet

Czech government officials said on Monday they dismantled a Russian cyber-espionage network operating in the country. The network was taken down at the end of last year and had been set up by Russian nationals with Czech citizenship, operating with the help of Russia’s intelligence agency (the FSB) and with funding from Russia’s Prague embassy.

Revisiting The BlackHat Hack: How A Security Conference Was Pwned

Does anyone remember the Black Hat BCard hack in 2018? This hack has been documented extensively, most notoriously by [NinjaStyle] in his original blog post revealing the circumstances around discovering the vulnerability. The breach ended up revealing the names, email addresses, phone numbers, and personal details of every single conference attendee – an embarrassing leak from one of the world’s largest cybersecurity conferences.

German firm Pilz still down a week after getting infected with ransomware

German firm Pilz was still down after getting infected by the BitPaymer ransomware more than a week ago, on October 13, 2019. “Since Sunday, October 13, 2019, all servers and PC workstations, including the company’s communication, have been affected worldwide,” reads the company’s notice. “As a precaution, the company has removed all computer systems from the network and blocked access to the corporate network.”

Spanish Police Arrest Three in €10m BEC Bust

Spanish police have arrested three men in connection with a €10m Business Email Compromise (BEC) ring that targeted corporate victims around the world. The Guardia Civil revealed on Tuesday that the group allegedly targeted 12 companies in Belgium, Venezuela, Bulgaria, Norway, the United States, Germany, Luxembourg, Portugal, Chile and the UK.

A student managed to scam Apple out of nearly a million dollars

It is a scheme that one would not take very seriously at first glance, a manipulation perhaps too simple and too easily spotted. But sometimes reality shows us that the biggest things are often the least visible, and Apple has just learned this the hard way.

AWS hit by a DDoS attack – Le Monde Informatique

US cloud provider Amazon Web Services experienced a major disruption and outage of services including S3, RDS and Aurora, lasting up to 8 hours. At the same time, GCP also ran into problems. AWS's shield did not hold up.

Cozy Bear Emerges from Hibernation to Hack EU Ministries

The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.

Flaws / vulnerabilities

Equifax used ‘admin’ as username and password for sensitive data: lawsuit

Equifax (EFX) used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The ongoing lawsuit, filed after the breach, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail.

Galaxy S10: fingerprint reader fooled by cases and screen protectors

Screen protector films or silicone cases: the fingerprint reader on Samsung's Galaxy S10 suffers from a major security flaw. Will Samsung really be able to fix it in software?

Google Pixel 4’s Face Unlock works even if you have your eyes closed | ZDNet

Updated on October 21: Google has told ZDNet that an update to fix this issue is in the works and should arrive ‘in the coming months.’ Original report below. Google’s upcoming Pixel 4 handset will ship with a glaring security hole in its brand new Face Unlock feature.

US stopped using floppy disks to manage nuclear weapons arsenal | ZDNet

The US Air Force has quietly replaced the infamous floppy disks it was using to manage the country’s nuclear arsenal with what sources described as a “highly-secure solid state digital storage solution.” The switch reportedly took place in June this year, according to defense news site C4ISRNET, citing Lt. Col.

Regulatory / legal

Swedish police cleared to deploy spyware against crime suspects | ZDNet

Sweden’s police force has been granted new powers this week, including the ability to deploy spyware on suspects’ devices to intercept encrypted communications and turn on microphones and cameras. The decision was announced by Sweden’s Interior Minister Mikael Damberg in a press conference on Tuesday, October 22.

Hacker Plants Keylogger Devices on Company Systems Faces 12yr in Jail

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to gain unauthorized access to their networks and steal proprietary data. He now faces 12 years of prison time. It appears that the individual was after data relating to an “emerging technology” that both targeted companies were developing.

Texas man sentenced to 145 months in federal prison for hacking Los Angeles Superior Court

A Texas man, Oriyomi Sadiq Aloba (33), was found guilty of hacking the Los Angeles Superior Court (LASC) computer system and abusing it to send out roughly 2 million phishing messages. The phishing campaign aimed at obtaining the victims’ credit card numbers. The man was sentenced by United States District Judge R.

Facebook faces a $35 billion fine for abusing facial recognition – PhonAndroid.com

Facebook is accused of having used its facial recognition without the consent of 7 million American internet users.

Miscellaneous

U.S. Border Patrol Reportedly Eyes Face Recognition for Body Cams

U.S. Customs and Border Protection, one of the arms of the federal immigration machine shoving tens of thousands of people into de facto concentration camps, is eyeing equipping officers with facial recognition body cams, according to Reuters.

A simple code error may have skewed more than a hundred scientific studies

Researchers may have to revisit the conclusions of their scientific studies if they used a script created in 2014, cited several times in the field of chemistry, that contained a code error.
