Microsoft exposed 250 million customer records, and why the hack of Jeff Bezos's phone should concern us all #veille (26 Jan 2020)


Here is this week's monitoring report, rounding up the most interesting news. Some of these items will be developed further in upcoming articles. Happy reading, and have a great week!



Data theft / loss

Microsoft exposed 250 million customer support records | WeLiveSecurity

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection. More than 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration.

Mitsubishi Electric discloses data breach, possible data leak – Help Net Security

Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that “personal information and corporate confidential information may have been leaked.” The company, though, claims that “sensitive information on social infrastructure such as defense, electric power, and railways, highly confidential technical information, and important information concerning business partners have not been leaked.”

Buchbinder Car Renter Exposes Info of Over 3 Million Customers

German car rental company Buchbinder exposed the personal information of over 3.1 million customers including federal ministry employees, diplomats, and celebrities, all of it stored within a ten terabytes MSSQL backup database left unsecured on the Internet. The German company runs a worldwide network of over 5000 car rental stations directed by partners and franchise holders, with clients from more than 100 countries.

UPS Says Phishing Incident Might Have Exposed Some Customers’ Data

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers.

Cyberattacks / fraud

UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone

A forensic examination of Amazon CEO Jeff Bezos’s mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware – likely NSO Group’s notorious Pegasus mobile spyware – that came from Saudi Arabia’s Crown Prince Mohammed bin Salman’s personal WhatsApp account.

Opinion | Jeff Bezos’ Phone Hack Should Terrify Everyone

Those with the most to lose don’t always safeguard their privacy very well. You can do better. If the Saudi crown prince, Mohammed bin Salman, wants to chat on WhatsApp, politely decline. That’s the lesson from a series of reports this week based off a forensic examination of Jeff Bezos’ communications with the crown prince.

Greek Government websites hit by DDoS attacks, it’s the second time

Yesterday the Greek government announced that the official websites of the prime minister, the national police and fire service and several important ministries were hit by a DDoS cyberattack that took them down. The websites involved in the attack have been already restored by the government IT staff.

City of Potsdam Servers Offline Following Cyberattack

The City of Potsdam severed the administration servers’ Internet connection following a cyberattack that took place earlier this week. Emergency services including the city’s fire department are fully operational and payments are not affected. Potsdam is the largest city and the capital of the German federal state of Brandenburg, bordering the German capital, Berlin.

Suspected Iranian hacking campaign targets European energy companies | ZDNet

A hacking campaign with suspected ties to Iran has targeted the European energy sector in what’s thought to be a reconnaissance mission aimed at gathering sensitive information. The network intrusion at the energy company has been detailed by researchers at cybersecurity company Recorded Future.

Hackers target unpatched Citrix servers to deploy ransomware | ZDNet

Companies still running unpatched Citrix servers are in danger of having their networks infected with ransomware. Multiple sources in the infosec community are reporting about hacker groups using the CVE-2019-19781 vulnerability in Citrix appliances to breach corporate networks and then install ransomware.

Ransomware Payments Doubled While Downtime Grew in Q4

The average ransomware payment more than doubled quarter-on-quarter in the final three months of 2019, while average downtime grew by several days, according to the latest figures from Coveware. The security vendor analyzed anonymized data from cases handled by its incident response team and partners to compile its Q4 Ransomware Marketplace report.

Flaws / vulnerabilities

Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNet

Over the past two weeks, Mozilla’s add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code. The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they’ve also been disabled in the browsers of the users who already installed them.

US Issues Cybersecurity Warnings Over Flawed Medical Devices

Warnings have been issued in the United States after cybersecurity flaws were detected in medical monitoring devices manufactured by GE Healthcare Systems (GEHC). Safety notices were published yesterday by both the US Food and Drug Administration (FDA) and the US Department of Homeland Security’s Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) regarding vulnerabilities in certain clinical information central stations and telemetry servers.

Regulatory / legal

Judge forces insurer to help small business to clean up after a crippling ransomware attack – CyberScoop

At least one insurance company will cover the costs from a cyberattack against one of its clients. A Maryland federal judge on Thursday ruled that an Ohio insurer must cover the costs following a ransomware attack that forced a client to replace much of its technology.

New York state wants to ban government agencies from paying ransomware demands | ZDNet

Two New York state senators have proposed two bills last week to ban local municipalities and other government entities from using taxpayer money for paying ransomware demands. The first bill (S7246) was proposed by Republican NY Senator Phil Boyle on January 14.

Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

Interpol and Indonesian National Police have arrested 3 Credit Card hackers linked to Magecart attacks.

Russian Pleads Guilty to Running Online Criminal Marketplace

A Russian man has pleaded guilty to running an illegal online marketplace that sold stolen payment card credentials to criminals, who used them to make over $20m in fraudulent purchases. Before a United States court, Aleksei Burkov admitted operating the Cardplanet website, which sold card data acquired through illegal computer intrusions.

US Journalist Denounced for Alleged Involvement with Brazilian Criminal Organization

Brazilian prosecutors have denounced American journalist Glenn Greenwald for his alleged involvement with a cybercrime organization that hacked cell phones to commit bank fraud. Greenwald is best known for a series of reports published from June 2013 by The Guardian newspaper that detailed the global surveillance programs of the United Kingdom and the United States.

The spy and the gendarme who were a bit too fond of the dark web

In September 2018, the press reported the arrest of Haurus, a DGSI agent suspected of having sold his services on the illegal marketplace Black Hand. The investigation has just concluded, according to Le Parisien, which also reveals that an investigation is under way into a former gendarme for similar acts.

Miscellaneous

Official launch of the Swiss Digital Initiative at WEF 2020

The SDI, chaired by Doris Leuthard, presented its first project in Davos: the development of a digital trust label. The Swiss Digital Initiative (SDI), launched in Geneva in September 2019 by digitalswitzerland under the patronage of Federal Councillor Ueli Maurer, aims to anchor ethical standards in the digital world through concrete projects and to make a relevant contribution to digital ethics.

Half a Million IoT Device Passwords Published

It’s a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices.

The Federal Data Protection Commissioner is concerned about Clearview's excesses

With the media coverage of the Clearview application, which siphons off social network users' data to put a name to a face within seconds, the Federal Data Protection Commissioner has issued his recommendations for Switzerland.
