L’EPFL touchée par une cyberattaque et 20 nouveaux cyberspécialistes pour la Suisse #veille #cybersécurité (31 mai 2020)

In Carnet de veille
Déroulez ici

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

BigFooty.com Leaks 70 Million Records from Sports Fan Members

The team at Security Detectives has discovered another leaky database. BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. The data in some… #BigFootycom #databreach #dataleak

Alleged data of 47.5 million Truecaller Indian users sold online

We come across data breaches every day. Consequently, companies respond in a variety of ways. Sometimes, acknowledgments are made along with compensatory actions while sometimes, there is denial. One such case of the latter has been observed recently by researchers at Cyble when the data of 47.5 million Indian users was apparently leaked on the dark web allegedly originated from the famous caller-ID app, Truecaller.

NTT warns its Singapore cloud was hacked, Japanese customer data compromised

Global system integrator NTT has said someone hacked their way into its hosting and cloud services and may have accessed 600-odd customers’ data. A Japanese-language statement that The Register has run through a pair of online translate-o-matic services says the service provider was infiltrated on May 7 via Active Directory services running in its Singapore operations.

Covid-19 : L’application de pistage du Qatar a exposé les données d’un million de personnes

Une faille de sécurité dans l’application de pistage numérique du Qatar a exposé les données d’un million de personnes, alerte l’ONG Amnesty International le 26 mai 2020. La faille a été corrigée Cette faille, désormais corrigée par les autorités, rendait les informations telles que les noms, des numéros de carte d’identité, des informations médicales et des données de géolocalisation accessibles alors qu’elles n’auraient pas dû l’être.

An archive with 20 Million Taiwanese’ citizens leaked in the Dark web

A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”

Cyber-attaques / fraudes

Les cyberpirates qui ont attaqué Stadler Rail ont publié des données

Ils exigeaient le paiement d’une rançon de 6 millions de dollars (quasiment autant en francs) en bitcoin. “Stadler n’est pas et n’a jamais été disposé à effectuer des paiements aux maîtres chanteurs et n’a pas entamé de négociation”, a indiqué vendredi à AWP un porte-parole de l’entreprise établie à Bussnang, confirmant une information du journal Tages-Anzeiger.

L’EPFL également touchée par une cyberattaque visant les superordinateurs

Il y a une quinzaine de jours, cette attaque a visé les centres de calcul informatique de plusieurs universités en Europe et en Suisse, notamment l’Ecole polytechnique fédérale de Zurich (EPFZ) et le Centre national de calcul scientifique (CSCS) à Lugano.

Israeli official confirms attempted attack on water systems, says ‘winter is coming’ in cyberspace

Israel last month thwarted a cyberattack on control systems at water facilities, a senior government official said Thursday while warning of the dangers of escalating conflicts in cyberspace. The “synchronized and organized attack” on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities, said Yigal Unna, head of Israel’s National Cyber Directorate, in the most extensive public comments from an Israeli official yet on the incident.

A new COVID-19-themed campaign targets Italian users

Security experts from D3Lab have uncovered a new COVID-19-themed phishing campaign that is targeting the users of the Italian National Institute for Social Security (INPS). Like a previous campaign observed in early April, threat actors set up a fake INPS site used ( “inps-it[.]top”) to trick victims into downloading a malicious app.

Failles / vulnérabilités

Bank of America Security Incident Affects PPP Applicants

The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared. Bank of America has disclosed a security incident in which some data belonging to Paycheck Protection Program (PPP) applicants was exposed to SBA-authorized lenders and their vendors.

Réglementaire / juridique

Judge demands Capital One release Mandiant cyberforensic report on data breach | ZDNet

A judge has ruled that Capital One must release the forensic report prepared by Mandiant following a data breach, of which the company is now being sued over. On Tuesday, Judge John Anderson from the US District Court for the Eastern District of Virginia ruled that Capital One is required to provide a copy of the report to attorneys suing the firm on behalf of customers impacted by the breach.

New York man was charged with stealing credit card data via SQL Injection

New York City man Vitalii Antonenko (28) was charged with hacking, credit card trafficking, and money laundering conspiracies, states the US DoJ. The man was arrested in March 2019 and detained after his arrival from Ukraine. The man was carrying computers and other digital media holding containing hundreds of thousands of stolen payment card numbers.

Pablo Escobar’s brother sues Apple for $2.6b over FaceTime flaw

Roberto Escobar’s company has reportedly filed a $2.6 billion lawsuit against Apple for purportedly having lame-o security – security so bad, his address purportedly got leaked through FaceTime and has led to subsequent assassination attempts.

EasyJet breach affecting 9 million results in massive GDPR lawsuit

Written by Jeff Stone May 27, 2020 | CYBERSCOOP Lawyers always seem to recognize a good data breach when they see one. A British law firm, PGMBM, announced Tuesday it filed a lawsuit against EasyJet, the largest airline in the U.K., in connection with a security incident in which details about 9 million people were exposed.

FBI Officials Arrest Another Alleged FIN7 Gang Member

According to newly released court documents, Ukrainian national Denys Iarmak has been arrested for alleged involvement in the malicious cyber campaigns run by the infamous hacking group FIN7. Among others, Iarmak has been charged with conspiracy to commit… #creditcardfraud #cybercrime #fbi

Divers

La Confédération va engager 20 spécialistes en cybersécurité

Le Conseil fédéral crée 20 nouveaux postes pour protéger la Suisse contre les cyberrisques et dédiés à la mise en oeuvre de la stratégie nationale de protection de la Suisse contre les cyberrisques (SNPC) pour 2020 à 2022.

1 Comment

Laisser un commentaire

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

La newsletter