mercredi , 30 septembre 2020

Un brevet fédéral en cybersécurité et une grosse vulnérabilité pour McAfee #veille (17 nov 2019)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

ZoneAlarm forum site hack exposed data of thousands of users – Cyber Defense Magazine

This is really an embarrassing incident, ZoneAlarm forum site has suffered a data breach exposing data of its discussion forum users. ZonaAlarm, the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZonaAlarm discussion […]

Facebook App for iOS Caught Accessing Camera in Background

iPhone users reported that Facebook was opening the primary camera when the app was in use, leading to speculation that this function was being used to spy on people. Facebook was quick to say it was nothing more than a bug. Some iPhone users noticed that the camera on their phone…

Cyber-attaques / fraudes

Pipka JavaScript Skimmer Deletes Itself After Execution

Visa has identified a new type of JavaScript skimmer in the wild that can erase itself from HTML code after execution. The malware, named Pipka, was found running on several eCommerce websites in the United States. While the basic working principle behind this JavaScript… #html #Pipka #skimmer

Hackers Breach ZoneAlarm’s Forum Site – Outdated vBulletin to Blame

Hackers Breach Outdated vBulletin Forum of ZoneAlarm Cybersecurity Company

Company Detected Years-Long Breach Only After Hacker Maxed Out Servers’ Storage

Lack of reasonable security safeguards at Utah-based technology company allowed a hacker to access the personal information of a million consumers.

Pemex claims victory over cyberattack; $4.9 million ransom reportedly demanded | SC Media

The claim made by the Mexican state-owned petroleum corporation Pemex that it had recovered from a Nov. 10 cyberattack was met with some skepticism, as published reports indicate the attack may be still affecting the company. Pemex stated it had suffered a cyberattack that impacted about five percent of its computer equipment, but managed to contain the problem and is now operating normally.

10 millions d’abonnés pour Disney+ et déjà des milliers de piratés !

Le stream de Mickey, Marvel et autres Starwars attire donc les foules… et les pirates. Dans les espaces que je surveille pour le Service Veille ZATAZ, et en moins de 40 minutes après le lancement de Disney+, plusieurs groupes de pirates spécialisés dans la vente de comptes piratés ont sorti de leurs sacs à malveillances des milliers de comptes clients.

Facebook a supprimé 3,2 milliards de faux comptes et 2,5 millions de posts

Le plus grand réseau social du monde est chaque année confronté à un problème de taille : les faux comptes et les posts à caractère “abusif”. En 2019, entre avril et septembre, Facebook affirme avoir supprimé 3,2 milliards de faux comptes et 2,5 millions de posts ne respectant pas les règles du réseau social.

Failles / vulnérabilités

US-CERT warns of critical flaws in Medtronic equipment

The United States Computer Emergency Readiness Team (US-CERT) has issued another warning about security flaws in medical equipment made by Medtronic. The problem this time is in the Valleylab FT10 (V4.0.0 and below) and Valleylab FX8 (v1.1.0 and below), electrosurgical generators used by surgeons for procedures such as cauterisation during operations.

Serious Security Vulnerability Found In All McAfee Antivirus Editions

Following Avast, we now hear of a security bug in McAfee antivirus. Researchers have found this vulnerability to affect all McAfee Antivirus Editions, the vulnerability could allow for code execution via DLL injection. Researchers from SafeBreach Labs have discovered a serious security vulnerability affecting all Editions of McAfee Antivirus software.

BlueKeep: What you Need to Know

BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the Eternal Blue vulnerability to spread widely in 2017.

Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet

China’s top hackers have gathered this weekend in the city of Chengdu to compete in the Tianfu Cup, the country’s top hacking competition. Over the course of two days — November 16 and 17 — Chinese security researchers will test zero-days against some of the world’s most popular applications.

Facebook confirms bug that activated iOS cameras – CyberScoop

Social media users have complained in recent days that Facebook apparently has been activating iPhone owners’ cameras while they were scrolling through their news feeds. Word of the issue resulted in a handful of news articles suggesting Facebook again was abusing customer trust to collect data in a way it has never made public.

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

New WhatsApp Flaw (CVE-2019-11931) Could Have Allowed Hackers to Install Spyware On Your Device Just by Singing MP4 Media File

Réglementaire / juridique

E Hacking News – Latest Hacker News and IT Security News: The Russian Embassy in Washington sent a note of protest to the State Department

The US Department of Justice has confirmed the extradition of Russian hacker Alexei Burkov from Israel. Accused by Americans of credit card fraud, a Russian citizen has already appeared before a federal judge in Virginia. Burkov faces up to 80 years in prison.


Lancement du nouveau profil professionnel de spécialiste en cybersécurité avec brevet fédéral – allocution de la cheffe du DDPS

Berne, 11.11.2019 – Allocution de la conseillère fédérale Viola Amherd, cheffe du Département fédéral de la défense, de la protection de la population et des sports (DDPS) à l’occasion du lancement du nouveau profil professionnel de spécialiste en cybersécurité avec brevet fédéral, lundi 11 novembre à Berne.

About Marc Barbezat

Blogueur et spécialiste en cybersécurité

Check Also

kit premier secours

Un guide du NIST pour se rétablir après une attaque de ransomware

Le NIST a publié un guide pratique sur la cybersécurité que les entreprises peuvent utiliser pour se remettre d'attaques de type ransomware

Un dealer du darknet trahi … par ses empreintes digitales

Voici le récit intéressant qui montre comment un e-baron de la drogue est tombé grâce à une simple photographie.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

La newsletter