Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !
Vol / perte de données
Data from 21M Mixcloud Users Compromised in Breach
The music streaming service received reports indicating attackers gained unauthorized access to its systems. Music streaming service Mixcloud has disclosed a security incident in which unauthorized users gained access to some of its systems, resulting in the sale of customer data on the Dark Web.
SMS and personal data of millions of Americans leaked online
The IT security researchers at vpnMentor have discovered a trove of insecure data hosting on a company based in the United States. Named TrueDialog, the firm provides a range of texting solutions to businesses in the USA and as such had a database containing confidential data of its customers.
Moscow Cops Sell Access to City CCTV, Facial Recognition Data
Anyone with a little money can buy access to Moscow’s surveillance system of tens of thousands of cameras along and check footage stored over the previous five days. Sellers on forums and messenger groups that trade illegal data also provide facial recognition lookup services.
Cyber-attaques / fraudes
Major data center provider hit by ransomware attack, claims report
CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.
Smith & Wesson Web Site Hacked to Steal Customer Payment Info
American gun manufacturer Smith & Wesson’s online store has been compromised by attackers who have injected a malicious script that attempts to steal customer’s payment information. This type of attack is called Magecart and is when hackers compromise a web site so that they can inject malicious JavaScript scripts into ecommerce or checkout pages.
BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019. BMW’s security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.
Failles / vulnérabilités
44 millions d’utilisateurs Microsoft possèdent un mot de passe piraté
Si le web est de plus en plus vulnérable, ce n’est pas uniquement à cause de la hausse des cybermenaces. Entre janvier et mars, Microsoft a analysé une base de données de 3 milliards de comptes utilisateurs à son OS et ses services, et vient de dresser un bilan effrayant.
Réglementaire / juridique
Australian and European police shut down access to popular criminal hacking tool – CyberScoop
Australian and European law enforcement officials say they have taken down a remote-access hacking tool that had been sold to 14,500 buyers in 124 countries. The demise of the so-called Imminent Monitor Remote Access Trojan’s (IM-RAT), which officials said had been used to steal personal data from tens of thousands of victims, is a major victory for law enforcement officials in Australia and Europol, the European Union’s law enforcement agency.
Dutch politician faces three years in prison for hacking iCloud accounts and leaking nudes | ZDNet
Dutch prosecutors have asked a judge for a three-year prison sentence for a local politician who doubled as a hacker and breached the personal iCloud accounts of more than 100 women, stealing and then leaking sexually explicit photos and videos online.
228 arrests and over 3800 money mules identified in global action against money laundering
Law enforcement authorities from 31 countries, supported by Europol, Eurojust and the European Banking Federation (EBF), have stepped up their efforts to crack down on money mule schemes that rope in victims often unaware that the money they are sending is part of an elaborated money laundering scheme.
Un expert en crypto accusé d’avoir aidé la Corée du Nord à éviter des sanctions
Le 29 novembre, le développeur Virgil Griffith a été arrêté par les autorités américaines à l’aéroport international de Los Angeles. S’il n’avait pas l’autorisation de se rendre en Corée du Nord, l’expert aurait tout de même fait le déplacement pour tenir une conférence sur la blockchain lors de la Pyongyang Blockchain and Cryptocurrency Conference (DPRK).
Protonmail appelle Bruxelles à amender sa réforme de la collecte de preuves en ligne
Technologie : Alors que la proposition e-evidence fait aujourd’hui l’objet d’amendements à Bruxelles, des opérateurs de messageries en ligne, dont Protonmail, en ont profité pour renouveler leur opposition à ce texte jugé « dangereux pour la vie privée ».
Divers
La reconnaissance faciale sera bientôt obligatoire pour voyager aux États-Unis
Les autorités américaines réfléchissent à un système de sécurité qui exigerait de photographier toutes les personnes qui entrent dans le pays ou le quittent. Ce système est bien plus qu’une simple photographie, il intègre une technologie de reconnaissance faciale. Ce projet devrait entrer en vigueur dès le mois de juillet prochain.
1 Comment
Comments are closed.
Pingback: Veille Cyber N261 – 16 décembre 2019 |