jeudi , 1 octobre 2020

Le malware Emotet surfe sur la crainte des coronavirus et l’ONU piratée à Genève #veille (2 fév 2020)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

https://www.infosecurity-magazine.com/news/breach-at-indian-airline-affects/

Avast acknowledges collecting user data; shuts down Jumpshot

The anti-virus giant Avast has announced shutting down one of its subsidiaries called Jumpshot after the company was found stealing user data and selling it for big bucks. On January 28th, 2020 based on the investigation by PCMag and Vice, HackRead reported that Avast was secretly stealing browsing data from millions of its customers and selling it to third-parties.

Cyber-attaques / fraudes

UN hacked, becomes target of massive state-sponsored spying op

The United Nations (UN) is regarded as an all-talk-no-action organization primarily because of its utter failure in protecting the developing world from destruction at the hands of and dictators and superpowers. However, it seems that the organization is as helpless in its internal matters as it is towards world issues.

Coronavirus Campaigns Spread Emotet, Malware

The ongoing global spread of the disease precipitates malware infections. As the coronavirus originating in the Wuhan province of China continues to stir widespread fears about a global public health crisis, some see an opportunity in the outbreak. A recent spate of malicious, botnet-driven emails is using the coronavirus as a theme, according to telemetry from IBM X-Force and Kaspersky.

US Interior Dept extends drone grounding over foreign hacking fears

Now can’t be an easy time to be a professional drone pilot working for the US Department of the Interior (DOI). After years of enthusiastic expansion, in November 2019 the agency announced the temporary grounding of its fleet of Unmanned Aircraft Systems (UAS) over hacking fears unnamed sources claimed were connected to their manufacture in China or use of Chinese parts.

Iranian Hackers Target U.S. Gov. Vendor With Malware

APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments. Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S.

Ransomware hits TV & radio news monitoring service TVEyes | ZDNet

A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe. TVEyes CEO David Ives told ZDNet the ransomware attack took place after midnight on Thursday, January 30.

https://www.zdnet.com/article/iranian-hackers-target-us-government-workers-in-new-campaign/

DOD contractor Electronic Warfare Associates hit with Ryuk ransomware – CyberScoop

Written by Shannon Vavra Jan 30, 2020 | CYBERSCOOP Electronic Warfare Associates (EWA), a government contractor that works with the Department of Defense, Department of Justice, and Department of Homeland Security, has been hit with a ransomware attack, CyberScoop has learned.

Japanese company NEC confirms 2016 security breach | ZDNet

Japanese electronics and IT company NEC Corp disclosed a security breach today that took place more than three years ago, in December 2016. The company’s admission comes after reports in Japanese media [ 1, 2, 3] that the company might have suffered a security breach but decided to keep it quiet.

Le malware Shlayer n’en finit plus de faire des dégâts chez les utilisateurs macOS

Ce n’est pas le plus dangereux mais cela ne l’empêche pas d’être très actif. Le malware Shlayer, dont la découverte remonte à début 2018, a particulièrement frappé les utilisateurs de macOS au cours de l’année 2019. Selon un rapport de la société de cybersécurité Kaspersky, près de 30% des attaques contre les appareils équipés du système d’exploitation étaient effectuées via ce logiciel malveillant.

Bouygues Construction victime d’un rançongiciel, une enquête judiciaire ouverte

Bouygues Construction a été victime d'une rançongiciel. Le groupe français de BTP a arrêté les systèmes d'information pour éviter toute propagation, raison pour laquelle les boîtes mails professionnels et applications sont inaccessibles en France et à l'étranger. Une enquête judiciaire a été ouverte. Pour l'instant, l'entreprise refuse d'apporter davantage de précisions sur l'incident.

Failles / vulnérabilités

Webex flaw allowed anyone to join private online meetings – no password required * Graham Cluley

Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password.The vulnerability, which was rated as high severity by Cisco in a security advisory it published on its website, could allow a complete stranger to snoop upon a private conversation.

Google’s bug bounty program just had a record-breaking year of payouts | ZDNet

Bug hunting may never have been so lucrative: Google has revealed that it dished out a record $6.5 million in 2019 – that is, double the amount paid out the previous year – in rewards for researchers who successfully uncovered vulnerabilities across the search-to-advertising giant’s vast range of products and services.

Réglementaire / juridique

Berlin’s high court should rebuild computer system after Emotet infection, report finds – CyberScoop

Berlin’s highest court should completely rebuild its computer infrastructure after hackers ran roughshod through the network and likely stole data in the process, according to a forensic report released Monday. Poor security controls allowed the attackers to install two types of information-stealing malware last fall, said the study conducted by an IT subsidiary of Deutsche Telekom and released by German lawmakers investigating the incident.

UK High Court Approves Freeze on $1M Ransomware Payment

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the High Court of Justice on January 17, 2020.

AIG must cover client’s $5.9 million in cyber-related losses, judge rules – CyberScoop

Insurance giant AIG must cover nearly $6 million in losses for a client that was fleeced by an email scam carried out by suspected Chinese hackers, a federal court has decided. A judge in the Southern District of New York ruled Wednesday that AIG was in breach of contract when it previously denied a claim from SS&C Technologies, a $6 billion financial technology firm.

AlphaBay Dark Web Market Moderator Faces up to 20 Years in Prison

Dark web marketplace moderator Bryan Connor Herrell pleaded guilty in the United States to conspiring to engage in a racketeer-influenced corrupt organization. While the infamous Silk Road made a lot more headlines, another dark web market place had many… #AlphaBay #darkweb #DepartmentofJustice

Divers

Tech4Trust awards four cybersecurity startups Startupticker.ch | The Swiss Startup News channel

Tech4Trust is a 4-month acceleration program for companies developing innovative solutions to improve trust within information technologies. It is the first step of a broader, high impact initiative led by Canton de Vaud, academic institutions and leading corporations to promote and connect all actors active in digital trust and cybersecurity, at national level.

https://www.ictjournal.ch/news/2020-01-30/swissid-pourra-servir-a-se-connecter-au-dossier-electronique-du-patient

Avast ferme sa filiale qui était accusée de vendre des données

Lorsqu’on utilise un logiciel antivirus, on ne s’attend généralement pas à ce que celui-ci puisse vendre nos données. Pourtant, il y a quelques jours, une enquête accusait l’éditeur Avast d’avoir vendu des données d’utilisateurs. Cela ne se faisait pas directement via Avast, mais plutôt via une filiale baptisée Jumpshot.

About Marc Barbezat

Blogueur et spécialiste en cybersécurité

Check Also

kit premier secours

Un guide du NIST pour se rétablir après une attaque de ransomware

Le NIST a publié un guide pratique sur la cybersécurité que les entreprises peuvent utiliser pour se remettre d'attaques de type ransomware

Un dealer du darknet trahi … par ses empreintes digitales

Voici le récit intéressant qui montre comment un e-baron de la drogue est tombé grâce à une simple photographie.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

La newsletter