Marriott loses the data of 5.2 million customers and the Zoom problem #veille (5 April 2020)

Here is this week's monitoring report, covering the most interesting news. Some of these items will be developed further in upcoming articles. Happy reading and have a great week!


Data theft / loss

Millions of Guests Impacted in Marriott Data Breach, Again

The second breach in less than 24 months stemmed from employee account compromises. For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.

Personal details for the entire country of Georgia published online | ZDNet

The personal details for more than 4.9 million Georgians, including deceased citizens, have been published on a hacking forum over the weekend, on Saturday. Personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers were shared online in a 1.04 GB MDB (Microsoft Access database) file.

https://www.scmagazine.com/home/security-news/data-breach/14-million-key-ring-users-exposed-in-open-database/

"Secure" cloud storage provider exposes customer data in plain-text

Another day, another data breach – This time, researchers have identified a massive trove of data exposed on an unprotected Amazon S3 bucket. The worst part of it is that anyone with an Internet connection could access the data since it was left without any security authentication.

Cyberattacks / fraud

Cybercrime and scams rise with the pandemic, police warn

In Switzerland, as in Europe or elsewhere, populations are confined and afraid. A godsend for cybercriminals, who are not slowed down by the coronavirus pandemic. Quite the opposite. Swiss and European authorities are warning of a resurgence of attacks.

Cyberattacks against hospitals: the resistance is getting organized

IT security specialists have vowed to make hackers exploiting the Covid-19 crisis pay. "We have a very clear message for the gangs practising ransomware: do not target hospitals. If you do, you will suffer the wrath of the community…

Beware of ‘ZoomBombing’: screensharing filth to video calls

The world is vulnerable to a new type of trolling as people turn to Zoom video calls to feel connected amidst quarantines. Jerks are using Zoom’s screensharing feature to blast other viewers with the most awful videos from across the internet, from violence to shocking pornography. That’…

Hospitals VPNs Targeted by Ransomware as COVID19 Takes its Toll

Microsoft has been forced to alert several dozen hospitals in a "first of its kind notification" that their gateway and VPN appliances are vulnerable to ransomware groups actively scanning for exposed endpoints. The tech giant claimed that attackers behind the REvil (Sodinokibi) variant, for one, are probing the internet for vulnerable systems, with VPNs in high demand at the moment as COVID-19 forces home working.

Zoom announces 90-day feature freeze to fix privacy and security issues

Zoom is promising to address its security and privacy issues in a 90-day feature freeze. It comes just as Zoom reveals 200 million people have been using its video calling app daily during the coronavirus pandemic, a huge increase from the 10 million back in December.

Covid-19 viruses attack and wipe the contents of computers – Geeko

Coronavirus-themed cyberattacks have been exploding since the start of the epidemic. While the world's population takes refuge on the Internet to entertain itself and stay in touch, cybercriminals are multiplying attacks and the ways of profiting from the situation. In addition to phishing attempts by e-mail or via fake websites related…

A hacker takes out 15,000 Elasticsearch servers in two weeks

Technology: A hacker plundered 15,000 Elasticsearch servers left unprotected on the web, signing the deed with the name of a well-known cybersecurity company. Its founder suggests a settling of scores.

A group of hackers deploys backdoors on thousands of Microsoft SQL servers every day and runs malware, according to researchers

A report published Monday by cybersecurity researchers shows that a sustained malicious campaign targets Windows machines running Microsoft SQL (MS-SQL) servers to deploy backdoors and run several types of malware, including multifunctional remote access tools (RATs) and cryptominers.

New Magecart Skimmer Compromised 19 Different Websites

A new Magecart skimmer has surfaced online that compromised at least 19 different websites in a recent campaign. While the skimmer was new, it served the same old purpose – stealing payment card data from websites. Researchers from RiskIQ have discovered a new Magecart skimmer that took over numerous websites in a recent campaign.

FBI Warns of Attacks on Remote Work, Distance Learning Platforms

FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement today about the risk of attacks exploiting the increased usage of online communication platforms for remote working and distance learning caused by the SARS-CoV-2 pandemic.

https://www.cshub.com/attacks/articles/incident-of-the-week-iotw-health-and-human-services-hit-with-security-breach

Zoom Phishers Register 2000 Domains in a Month

Over 2000 new phishing domains have been set up over the past month to capitalize on the surging demand for Zoom from home workers, according to new data from BrandShield. The brand protection company analyzed data from its threat hunting system since the start of the year, and found 3300 new domains had been registered with the word "Zoom" in them.

Flaws / vulnerabilities

Zoom founder promises to remedy security, privacy concerns during a ‘feature freeze’ – CyberScoop

Zoom’s founder says the company behind the popular videoconferencing app will spend the next 90 days focused on fixing security issues. In a blog post Thursday, Zoom founder Eric S. Yuan said the technology firm is enacting a "feature freeze," in which employees will turn their attention from enhancing usability toward tightening data protection.

NATO Report Warns of New Authoritarian Chinese Splinternet

Chinese government plans to push through standardization of a new internet architecture could broaden the threat landscape, destabilize security and privacy, and fragment the world wide web, a new NATO report seen by Infosecurity will warn. First proposed at the UN’s International Telecommunication Union (ITU) last September, the plans call for a replacement to the current TCP/IP model, dubbed "New IP."

Twitter reveals Mozilla Firefox bug that stores your direct messages for up to 7 days

Twitter recently warned users of a Mozilla Firefox bug that grants access to accounts' non-public information to anyone using the device. "We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser’s cache," Twitter said in a statement on April 2.

Regulatory / legal

FBI accuses Russian man of laundering money for a transnational cybercrime network – CyberScoop

FBI agents have arrested a Russian citizen accused of laundering money for a cybercriminal gang that allegedly stole funds from a range of U.S. banks. A complaint unsealed Monday against Maksim Boiko, 29, alleges that he worked with a transnational organized crime group, called QQAAZZ, by converting stolen money into cryptocurrency.

Dark Web child abuse gang busted; 15TB of files seized

Last month HackRead.com reported about a worldwide police operation against child pornography content sites that led to the seizing of DarkScandals and the arrest of its administrator Mr. Dark. The website was reportedly offering over 2,000 images and videos of objectionable content including real footage of violent rape, blackmailing, and child abuse material.

Miscellaneous

https://www.ictjournal.ch/news/2020-04-01/le-conseil-federal-facilite-lemission-de-la-signature-electronique
https://www.ictjournal.ch/news/2020-04-02/ictswitzerland-etoffe-son-test-de-cybersecurite-pour-les-pme

Minister Jean-Michel Blanquer became the laughing stock of Twitter users… because of Russian hackers

Partly blaming the technical outages of the digital workspaces on cyberattacks "coming from Russia" was probably not the best communication reflex.

Monitoring analyst and cybersecurity specialist
