mercredi , 30 septembre 2020

L’EPFL touchée par une cyberattaque et 20 nouveaux cyberspécialistes pour la Suisse #veille #cybersécurité (31 mai 2020)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

BigFooty.com Leaks 70 Million Records from Sports Fan Members

The team at Security Detectives has discovered another leaky database. BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. The data in some… #BigFootycom #databreach #dataleak

https://www.hackread.com/47m-truecaller-indian-users-data-sold-online/

NTT warns its Japanese cloud may have been compromised

Global system integrator NTT’s Japanese subsidiary NTT Communications has said someone hacked their way into its hosting and cloud services in an incident that potentially exposed over 600 customers’ data. A Japanese-language statement that The Register has run through a pair of online translate-o-matic services says the service provider was infiltrated on May 7.

Covid-19 : L’application de pistage du Qatar a exposé les données d’un million de personnes

Une faille de sécurité dans l’application de pistage numérique du Qatar a exposé les données d’un million de personnes, alerte l’ONG Amnesty International le 26 mai 2020. La faille a été corrigée Cette faille, désormais corrigée par les autorités, rendait les informations telles que les noms, des numéros de carte d’identité, des informations médicales et des données de géolocalisation accessibles alors qu’elles n’auraient pas dû l’être.

An archive with 20 Million Taiwanese’ citizens leaked in the Dark web

A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”

Cyber-attaques / fraudes

Les cyberpirates qui ont attaqué Stadler Rail ont publié des données

Les pirates informatiques ayant dérobé des données à Stadler Rail début mai sont sortis du bois. Face au refus du fabricant thurgovien de matériel ferroviaire de négocier, ils ont publié sur internet une partie des documents volés. Ils exigeaient le paiement d’une rançon de 6 millions de dollars (quasiment autant en francs) en bitcoin.

https://www.rts.ch/info/suisse/11359392-l-epfl-egalement-touchee-par-une-cyberattaque-visant-les-superordinateurs.html

Israeli official confirms attempted attack on water systems, says ‘winter is coming’ in cyberspace

Israel last month thwarted a cyberattack on control systems at water facilities, a senior government official said Thursday while warning of the dangers of escalating conflicts in cyberspace. The “synchronized and organized attack” on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities, said Yigal Unna, head of Israel’s National Cyber Directorate, in the most extensive public comments from an Israeli official yet on the incident.

A new COVID-19-themed campaign targets Italian users

Security experts from D3Lab have uncovered a new COVID-19-themed phishing campaign that is targeting the users of the Italian National Institute for Social Security (INPS). Like a previous campaign observed in early April, threat actors set up a fake INPS site used ( “inps-it[.]top”) to trick victims into downloading a malicious app.

Failles / vulnérabilités

Bank of America Security Incident Affects PPP Applicants

The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared. Bank of America has disclosed a security incident in which some data belonging to Paycheck Protection Program (PPP) applicants was exposed to SBA-authorized lenders and their vendors.

Réglementaire / juridique

Judge demands Capital One release Mandiant cyberforensic report on data breach | ZDNet

A judge has ruled that Capital One must release the forensic report prepared by Mandiant following a data breach, of which the company is now being sued over. On Tuesday, Judge John Anderson from the US District Court for the Eastern District of Virginia ruled that Capital One is required to provide a copy of the report to attorneys suing the firm on behalf of customers impacted by the breach.

New York man was charged with stealing credit card data via SQL Injection

New York City man Vitalii Antonenko (28) was charged with hacking, credit card trafficking, and money laundering conspiracies, states the US DoJ. The man was arrested in March 2019 and detained after his arrival from Ukraine. The man was carrying computers and other digital media holding containing hundreds of thousands of stolen payment card numbers.

Pablo Escobar’s brother sues Apple for $2.6b over FaceTime flaw

Roberto Escobar’s company has reportedly filed a $2.6 billion lawsuit against Apple for purportedly having lame-o security – security so bad, his address purportedly got leaked through FaceTime and has led to subsequent assassination attempts.

EasyJet breach affecting 9 million results in massive GDPR lawsuit

Written by Jeff Stone May 27, 2020 | CYBERSCOOP Lawyers always seem to recognize a good data breach when they see one. A British law firm, PGMBM, announced Tuesday it filed a lawsuit against EasyJet, the largest airline in the U.K., in connection with a security incident in which details about 9 million people were exposed.

FBI Officials Arrest Another Alleged FIN7 Gang Member

According to newly released court documents, Ukrainian national Denys Iarmak has been arrested for alleged involvement in the malicious cyber campaigns run by the infamous hacking group FIN7. Among others, Iarmak has been charged with conspiracy to commit… #creditcardfraud #cybercrime #fbi

Divers

La Confédération va engager 20 spécialistes en cybersécurité

Le Conseil fédéral crée 20 nouveaux postes pour protéger la Suisse contre les cyberrisques et dédiés à la mise en oeuvre de la stratégie nationale de protection de la Suisse contre les cyberrisques (SNPC) pour 2020 à 2022.

About Marc Barbezat

Blogueur et spécialiste en cybersécurité

Check Also

kit premier secours

Un guide du NIST pour se rétablir après une attaque de ransomware

Le NIST a publié un guide pratique sur la cybersécurité que les entreprises peuvent utiliser pour se remettre d'attaques de type ransomware

Un dealer du darknet trahi … par ses empreintes digitales

Voici le récit intéressant qui montre comment un e-baron de la drogue est tombé grâce à une simple photographie.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

La newsletter