A federal diploma in cybersecurity and a major vulnerability for McAfee #veille (17 Nov 2019)


Here is this week's watch report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading and have a great week!



Data theft / loss

ZoneAlarm forum site hack exposed data of thousands of users

This is a really embarrassing incident: the ZoneAlarm forum site has suffered a data breach exposing data of its discussion forum users. ZoneAlarm, the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZoneAlarm discussion forum users.

Facebook App for iOS Caught Accessing Camera in Background

iPhone users reported that Facebook was opening the primary camera when the app was in use, leading to speculation that this function was being used to spy on people. Facebook was quick to say it was nothing more than a bug. Some iPhone users noticed that the camera on their phone…

Open database exposes data on patients of substance abuse facilities

A misconfigured AWS S3 storage bucket reportedly exposed roughly 93 million billing files that contain information on patients of three drug and alcohol addiction facilities operated by San Juan Capistrano, California-based Sunshine Behavioral Health, LLC.

Cyberattacks / fraud

Pipka JavaScript Skimmer Deletes Itself After Execution

Visa has identified a new type of JavaScript skimmer in the wild that can erase itself from HTML code after execution. The malware, named Pipka, was found running on several eCommerce websites in the United States. While the basic working principle behind this JavaScript…

Hackers Breach ZoneAlarm’s Forum Site – Outdated vBulletin to Blame

Hackers Breach Outdated vBulletin Forum of ZoneAlarm Cybersecurity Company

Company Detected Years-Long Breach Only After Hacker Maxed Out Servers’ Storage

Lack of reasonable security safeguards at Utah-based technology company allowed a hacker to access the personal information of a million consumers.

Pemex claims victory over cyberattack; $4.9 million ransom reportedly demanded | SC Media

The claim made by the Mexican state-owned petroleum corporation Pemex that it had recovered from a Nov. 10 cyberattack was met with some skepticism, as published reports indicate the attack may be still affecting the company. Pemex stated it had suffered a cyberattack that impacted about five percent of its computer equipment, but managed to contain the problem and is now operating normally.

10 million subscribers for Disney+ and already thousands hacked! – ZATAZ

Launched on November 12, the Disney+ streaming service reports 10 million subscribers in 24 hours. ZATAZ will show you that the hackers are getting in on the act.

Facebook removed 3.2 billion fake accounts and 2.5 million posts

Every year, the world's largest social network faces a sizeable problem: fake accounts and "abusive" posts. In 2019, between April and September, Facebook says it removed 3.2 billion fake accounts and 2.5 million posts that violated the social network's rules.

Flaws / vulnerabilities

US-CERT warns of critical flaws in Medtronic equipment

The United States Computer Emergency Readiness Team (US-CERT) has issued another warning about security flaws in medical equipment made by Medtronic. The problem this time is in the Valleylab FT10 (V4.0.0 and below) and Valleylab FX8 (v1.1.0 and below), electrosurgical generators used by surgeons for procedures such as cauterisation during operations.

Serious Security Vulnerability Found In All McAfee Antivirus Editions

Following Avast, we now hear of a security bug in McAfee antivirus. Researchers have found this vulnerability to affect all McAfee Antivirus Editions; the vulnerability could allow for code execution via DLL injection. Researchers from SafeBreach Labs have discovered a serious security vulnerability affecting all Editions of McAfee Antivirus software…

BlueKeep: What you Need to Know

BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the EternalBlue vulnerability to spread widely in 2017.

Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet

China’s top hackers have gathered this weekend in the city of Chengdu to compete in the Tianfu Cup, the country’s top hacking competition. Over the course of two days — November 16 and 17 — Chinese security researchers will test zero-days against some of the world’s most popular applications.

Facebook confirms bug that activated iOS cameras – CyberScoop

Social media users have complained in recent days that Facebook apparently has been activating iPhone owners’ cameras while they were scrolling through their news feeds. Word of the issue resulted in a handful of news articles suggesting Facebook again was abusing customer trust to collect data in a way it has never made public.

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

New WhatsApp Flaw (CVE-2019-11931) Could Have Allowed Hackers to Install Spyware On Your Device Just by Sending an MP4 Media File

Regulatory / legal

E Hacking News – Latest Hacker News and IT Security News: The Russian Embassy in Washington sent a note of protest to the State Department

The US Department of Justice has confirmed the extradition of Russian hacker Alexei Burkov from Israel. Accused by Americans of credit card fraud, a Russian citizen has already appeared before a federal judge in Virginia. Burkov faces up to 80 years in prison.

Miscellaneous

Launch of the new professional profile of cybersecurity specialist with federal diploma – address by the head of the DDPS

Bern, 11.11.2019 – Address by Federal Councillor Viola Amherd, head of the Federal Department of Defence, Civil Protection and Sport (DDPS), on the occasion of the launch of the new professional profile of cybersecurity specialist with federal diploma, Monday 11 November in Bern.

Google legally collects the medical data of millions of patients

A private medical group that owns 2,600 healthcare facilities in the United States provided all of its patients' medical data to Google, without informing the patients concerned or the doctors. Health-related information is now being added to the stream of data that Google collects without users' consent.
