Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !
Vol / perte de données
BigFooty.com Leaks 70 Million Records from Sports Fan Members
The team at Security Detectives has discovered another leaky database. BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. The data in some instances included « technical information relating to the company »s web and mobile sites.
Alleged data of 47.5 million Truecaller Indian users sold online
We come across data breaches every day. Consequently, companies respond in a variety of ways. Sometimes, acknowledgments are made along with compensatory actions while sometimes, there is denial. One such case of the latter has been observed recently by researchers at Cyble when the data of 47.5 million Indian users was apparently leaked on the dark web allegedly originated from the famous caller-ID app, Truecaller.
NTT warns its Japanese cloud may have been compromised
Global system integrator NTT’s Japanese subsidiary NTT Communications has said someone hacked their way into its hosting and cloud services in an incident that potentially exposed over 600 customers’ data. A Japanese-language statement that The Register has run through a pair of online translate-o-matic services says the service provider was infiltrated on May 7.
Covid-19 : L’application de pistage du Qatar a exposé les données d’un million de personnes
Une faille de sécurité dans l’application de pistage numérique du Qatar a exposé les données d’un million de personnes, alerte l’ONG Amnesty International le 26 mai 2020. La faille a été corrigée Cette faille, désormais corrigée par les autorités, rendait les informations telles que les noms, des numéros de carte d’identité, des informations médicales et des données de géolocalisation accessibles alors qu’elles n’auraient pas dû l’être.
Cyber-attaques / fraudes
Les cyberpirates qui ont attaqué Stadler Rail ont publié des données
Les pirates informatiques ayant dérobé des données à Stadler Rail début mai sont sortis du bois. Face au refus du fabricant thurgovien de matériel ferroviaire de négocier, ils ont publié sur internet une partie des documents volés. Ils exigeaient le paiement d’une rançon de 6 millions de dollars (quasiment autant en francs) en bitcoin.
L’EPFL également touchée par une cyberattaque visant les superordinateurs
Une attaque informatique survenue il y a deux semaines a pris pour cibles plusieurs centres de calcul informatique en Suisse et en Europe. Or, l’EPFL et l’Université de Bâle ont également été touchées, a appris la RTS jeudi.
Israeli official confirms attempted attack on water systems, says ‘winter is coming’ in cyberspace
Israel last month thwarted a cyberattack on control systems at water facilities, a senior government official said Thursday while warning of the dangers of escalating conflicts in cyberspace. The « synchronized and organized attack » on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities, said Yigal Unna, head of Israel’s National Cyber Directorate, in the most extensive public comments from an Israeli official yet on the incident.
Failles / vulnérabilités
Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared. Bank of America has disclosed a security incident in which some data belonging to Paycheck Protection Program (PPP) applicants was exposed to SBA-authorized lenders and their vendors.
Réglementaire / juridique
Judge demands Capital One release Mandiant cyberforensic report on data breach | ZDNet
A judge has ruled that Capital One must release the forensic report prepared by Mandiant following a data breach, of which the company is now being sued over. On Tuesday, Judge John Anderson from the US District Court for the Eastern District of Virginia ruled that Capital One is required to provide a copy of the report to attorneys suing the firm on behalf of customers impacted by the breach.
Pablo Escobar’s brother sues Apple for $2.6b over FaceTime flaw
Roberto Escobar’s company has reportedly filed a $2.6 billion lawsuit against Apple for purportedly having lame-o security – security so bad, his address purportedly got leaked through FaceTime and has led to subsequent assassination attempts.
EasyJet breach affecting 9 million results in massive GDPR lawsuit
Written by Jeff Stone May 27, 2020 | CYBERSCOOP Lawyers always seem to recognize a good data breach when they see one. A British law firm, PGMBM, announced Tuesday it filed a lawsuit against EasyJet, the largest airline in the U.K., in connection with a security incident in which details about 9 million people were exposed.
FBI Officials Arrest Another Alleged FIN7 Gang Member
According to newly released court documents, Ukrainian national Denys Iarmak has been arrested for alleged involvement in the malicious cyber campaigns run by the infamous hacking group FIN7. Among others, Iarmak has been charged with conspiracy to commit computer hacking, fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft.
Divers
1 Comment
Comments are closed.
Pingback: Veille Cyber N286 – 08 juin 2020 |