BMW infiltré et les 44 millions de comptes piratés Microsoft #veille (8 déc 2019)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

Data from 21M Mixcloud Users Compromised in Breach

The music streaming service received reports indicating attackers gained unauthorized access to its systems. Music streaming service Mixcloud has disclosed a security incident in which unauthorized users gained access to some of its systems, resulting in the sale of customer data on the Dark Web.

SMS and personal data of millions of Americans leaked online

The IT security researchers at vpnMentor have discovered a trove of insecure data hosting on a company based in the United States. Named TrueDialog, the firm provides a range of texting solutions to businesses in the USA and as such had a database containing confidential data of its customers.

Moscow Cops Sell Access to City CCTV, Facial Recognition Data

Anyone with a little money can buy access to Moscow’s surveillance system of tens of thousands of cameras along and check footage stored over the previous five days. Sellers on forums and messenger groups that trade illegal data also provide facial recognition lookup services.

https://www.hackread.com/smartwatch-expose-kids-real-time-location-data/

Cyber-attaques / fraudes

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.

Smith & Wesson Web Site Hacked to Steal Customer Payment Info

American gun manufacturer Smith & Wesson’s online store has been compromised by attackers who have injected a malicious script that attempts to steal customer’s payment information. This type of attack is called Magecart and is when hackers compromise a web site so that they can inject malicious JavaScript scripts into ecommerce or checkout pages.

BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets

The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019. BMW’s security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.

Failles / vulnérabilités

44 millions d’utilisateurs Microsoft possèdent un mot de passe piraté

Si le web est de plus en plus vulnérable, ce n’est pas uniquement à cause de la hausse des cybermenaces. Entre janvier et mars, Microsoft a analysé une base de données de 3 milliards de comptes utilisateurs à son OS et ses services, et vient de dresser un bilan effrayant.

Réglementaire / juridique

Australian and European police shut down access to popular criminal hacking tool – CyberScoop

Australian and European law enforcement officials say they have taken down a remote-access hacking tool that had been sold to 14,500 buyers in 124 countries. The demise of the so-called Imminent Monitor Remote Access Trojan’s (IM-RAT), which officials said had been used to steal personal data from tens of thousands of victims, is a major victory for law enforcement officials in Australia and Europol, the European Union’s law enforcement agency.

Dutch politician faces three years in prison for hacking iCloud accounts and leaking nudes | ZDNet

Dutch prosecutors have asked a judge for a three-year prison sentence for a local politician who doubled as a hacker and breached the personal iCloud accounts of more than 100 women, stealing and then leaking sexually explicit photos and videos online.

228 arrests and over 3800 money mules identified in global action against money laundering

Law enforcement authorities from 31 countries, supported by Europol, Eurojust and the European Banking Federation (EBF), have stepped up their efforts to crack down on money mule schemes that rope in victims often unaware that the money they are sending is part of an elaborated money laundering scheme.

Un expert en crypto accusé d’avoir aidé la Corée du Nord à éviter des sanctions

Le 29 novembre, le développeur Virgil Griffith a été arrêté par les autorités américaines à l’aéroport international de Los Angeles. S’il n’avait pas l’autorisation de se rendre en Corée du Nord, l’expert aurait tout de même fait le déplacement pour tenir une conférence sur la blockchain lors de la Pyongyang Blockchain and Cryptocurrency Conference (DPRK).

Protonmail appelle Bruxelles à amender sa réforme de la collecte de preuves en ligne

Technologie : Alors que la proposition e-evidence fait aujourd’hui l’objet d’amendements à Bruxelles, des opérateurs de messageries en ligne, dont Protonmail, en ont profité pour renouveler leur opposition à ce texte jugé « dangereux pour la vie privée ».

Divers

https://www.ictjournal.ch/news/2019-12-03/ruag-vend-sa-filiale-de-cybersecurite-clearswift

La reconnaissance faciale sera bientôt obligatoire pour voyager aux États-Unis

Les autorités américaines réfléchissent à un système de sécurité qui exigerait de photographier toutes les personnes qui entrent dans le pays ou le quittent. Ce système est bien plus qu’une simple photographie, il intègre une technologie de reconnaissance faciale. Ce projet devrait entrer en vigueur dès le mois de juillet prochain.

un petit clic pour ma veille

Comments are closed.

S'incrire à la newsletter

Inscrivez-vous et recevez la synthèse des nouveaux articles directement dans votre boîte aux lettres.

Merci pour votre inscription !

Un erreur s'est produite. Merci d'essayer à nouveau ou utiliser le formulaire disponible dans la barre latérale du site.

Send this to a friend