Travelex reportedly paid a $2.3 million ransom and Zoom sends data through China #veille (April 12, 2020)

Here is this week's security watch report, covering the most interesting news. Some of these items will be developed further in upcoming articles. Happy reading, and have a great week!


Data theft / loss

Maropost customer database exposes 95 million email records

A leaky online database belonging to marketing and email delivery provider Maropost was found lacking minimum security measures, exposing 95 million email records belonging to their customers. Researchers from Cybernews stumbled on the unprotected database on a… #databreach #dataleak #exposeddata

Elasticsearch Database with 42 Million Records of Iranian Citizen…

An Elasticsearch database holding 42 million records of Iranian Telegram users was found on the web, for anyone to access. The private data included phone numbers and user names, and it’s unclear how long it was exposed. Despite heavy restrictions targeting the… #database #ElasticSearch #iran

Zoom Blow as Thousands of User Videos Are Found Online

Researchers have discovered thousands of private Zoom recordings exposed online, in another blow to the firm’s security credentials as it struggles to support a huge surge in users. Former NSA researcher Patrick Jackson told The Washington Post that he was able to find the videos via a simple cloud storage search.

Data theft at an email provider: 600,000 victims | WeLiveSecurity

Users' personal data is now available on the dark web for between US$3,500 and US$22,000, in Bitcoin. The personal data of more than 600,000 Email.it users was stolen and put up for sale on the dark web.

Cyberattacks / fraud

Hacking forum gets hacked for the second time in a year | ZDNet

OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. “It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020,” said Ace, the forum’s administrator.

Marseille and its Métropole affected for a month by a cyberattack

Hit by a widespread cyberattack on the eve of the first round of the municipal elections, the city of Marseille and its Métropole remain largely affected a month later, during this lockdown period when remote working is the rule.

San Francisco airport websites compromised to swipe credentials | SC Media

Two websites affiliated with San Francisco International Airport (SFO) were compromised with code last March, allowing attackers to steal device login credentials from users who visited these sites, airport officials have disclosed. The breach affected the websites SFOConnect.com, which appears to deliver informational content to the SFO workforce, and SFOConstruction.com, which includes details on airport construction projects, bids and contracts.

Interpol warns hospitals about COVID-19-based ransomware threat | SC Media

Interpol is warning hospitals and healthcare organizations to be aware that cybercriminals are ramping up the number of ransomware attacks targeting their facilities. Although it did not provide any statistics, Interpol has noted a significant increase in attacks taking place while these medical facilities are expending all their energy battling Coronavirus.

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online. The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand.

Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations

Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack. In an attack this past New Year’s Eve, hackers deployed the Sodinokibi ransomware throughout Travelex’s network causing them to shut down operations at 1,500 stores across the world.

A Russian telecom operator hijacks internet traffic

Security: Rostelecom was involved in a BGP hijacking incident this week, affecting more than 200 CDNs and cloud providers. Earlier this week, traffic destined for more than 200 of the world's largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected through Rostelecom, Russia's state-owned internet service provider.

Flaws / vulnerabilities

Zoom: the videoconferencing service again called out for the poor quality of its encryption

Contrary to what is stated on this videoconferencing service's website, audio and video streams are not encrypted with 256-bit AES but with 128-bit AES, in a particularly weak and inadvisable mode. Worse: the encryption keys were sometimes stored…

Regulatory / legal

US Warns People that Zoom-bombing Is a Crime

Zoom-bombing, the act of hijacking Zoom video conferences by sharing pornographic and hate images among other things, might seem like an annoying practice, but law enforcement is warning people that it’s actually a crime and perpetrators might end up in… #covid19 #pandemic #teleconference

Dutch police arrests suspect behind DDoS attacks on government sites

A 19-year-old man from Breda, Netherlands, was arrested today for allegedly carrying out distributed denial-of-service (DDoS) attacks that caused two Dutch government websites to shut down for several hours on March 19, 2020. The investigation was led by a public prosecutor from The Hague and was carried out by a cybercrime team from Utrecht’s Dutch police focused on mitigating and examining DDoS attacks.

Dutch Police takes down 15 DDoS-for-hire services in one week

Europe has become a hub for cyber crimes ranging from online child abuse platforms to DDoS-for-hire services and dark web marketplaces being operated from the continent. At the same time, law enforcement authorities are doing what’s possible to tackle the issue.

SEC settles with two suspects in EDGAR hacking case | ZDNet

The US Securities Exchange Commission has settled charges today with two of the nine people it suspects have been involved in hacking its EDGAR database in 2016. David Kwon and Igor Sabodakha agreed to pay fines and restitution, the SEC said in a press release.

Australians Arrested Over $2.6m Email Scam

Police in Australia have arrested two men in connection with a $2.6m BEC (business email compromise) scam involving phony invoices. The men are believed to be part of a syndicate responsible for emailing businesses with invoices doctored to divert transferred funds into the scammers’ personal bank accounts.

Europol and Singapore Police arrest suspect behind €6 million…

As the cybercrime landscape continues to expand amid the Coronavirus pandemic, governments around the world have joined forces to fight the rising criminal activity. In a press release from April 6, Europol announced that a 39-year old man suspected of a €6… #BEC #businessemailcompromise #covid19

Miscellaneous

Zoom’s fall: Google bans Zoom from staffers’ gear | ZDNet

A few weeks ago, Zoom was riding high. Zoom had become a verb. You didn’t video-conference, you Zoomed. Then came the constant drumbeat of one Zoom security problem after another, including the infamous Zoombombing. Zoom fought back with security fixes. But it may be too little too late.

China and Taiwan aren’t great friends. Zoom sends chats through China. So Taiwan has banned Zoom

A parliamentary order issued yesterday says the nation’s Department of Cyber Security (DCS) has decided that when government agencies, and some private entities, use videoconferencing: “The underlying video software to be used should not have associated security or privacy concerns, such as the Zoom video communication service.”
