Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !
Vol / perte de données
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices | ZDNet
A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) « smart » devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.
Billions of passwords now available on underground forums, say security researchers | ZDNet
Usernames and passwords for over 15 billion accounts, including network administrator accounts, bank accounts and streaming services are in circulation online, according to security company researchers. Cybersecurity researchers at Digital Shadows spent 18 months analysing how hackers gain access to and use stolen account details and have detailed how account takeover has never been easier or cheaper for cyber criminals.
Police Are Buying Access to Hacked Website Data
The sale is « an end-run around the usual legal processes. »
Cyber-attaques / fraudes
North Korean hackers linked to web skimming (Magecart) attacks, report says | ZDNet
North Korea’s state-sponsored hacking crews are breaking into online stores to insert malicious code that can steal buyers’ payment card details as they visit the checkout page and fill in payment forms. Attacks on online stores have been going on since May 2019, said Dutch cyber-security firm SanSec in a report published today.
570 sites d’e-commerce piratés, dont 25 français : attention à votre numéro de carte bancaire
Quelques sites web français figurent dans cette longue liste de compromission. Mieux vaut vérifier si vous n’avez pas laissé votre numéro de carte sur l’une de ces pages.
Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data | ZDNet
Two security researchers said this week that they found severe vulnerabilities and what appears to be intentional backdoors in the firmware of 29 FTTH OLT devices from popular vendor C-Data. FTTH stands for Fiber-To-The-Home, while OLT stands for Optical Line Termination.
Microsoft seizes six domains used in COVID-19 phishing operations | ZDNet
Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures. According to court documents obtained by ZDNet, Microsoft has targeted a phishing group that has been targeting the company’s customers since December 2019.
Cerberus banking Trojan infiltrates Google Play | ZDNet
Security researchers have discovered the Cerberus banking Trojan disguised as a legitimate currency app on Google Play. On Tuesday, the cybersecurity team at Avast said the malicious app in question posed as a legitimate currency converter app designed for Spanish users.
‘Undeletable’ Malware Shows Up in Yet Another Android Device
Security researchers have identified yet another Android-based mobile device available through the government-funded Lifeline Assistance Program pre-loaded with malware, a discovery adding evidence to the disturbing trend of smartphones infected with undeletable malicious code upon purchase.
Failles / vulnérabilités
Des montres connectées pointées du doigt pour des failles de sécurité majeures
Technologie : Des montres connectées destinées aux personnes vulnérables sont montrées du doigt par une étude qui révèle qu’elles pourraient être piratées pour passer des appels, espionner leurs utilisateurs ou envoyer de faux messages. Intouchables les montres connectées ? Pas vraiment, comme le prouve une étude publiée récemment.
Amazon tells employees to remove TikTok from their phones due to security risk | ZDNet
Updated at 20:20pm ET time to add that Amazon has said that the email sent to employees banning TikTok was sent in error. Employees will still be allowed to use the app on their devices. Original article below.
Amazon Says Email Ordering Employees to Delete TikTok Was Sent in Error
Amazon.com Inc . on Friday afternoon reversed a demand that employees delete the TikTok app from company mobile devices, a shocking turnabout from a dictate that just hours before had stoked concern about the app’s security and ties to China.
Risky blogspot.in domain for sale after Google fails to renew it
Millions of indexed blogspot.in URLs are at risk of being abused for malicious purposes after Google let the domain expire, and it was purchased and put up for sale by another company. Google allowed their blogspot.in domain expire in early June 2020, and it has been purchased by another company that is selling it for $6,000.
Réglementaire / juridique
In Hong Kong, a Proxy Battle Over Internet Freedom Begins (Published 2020)
As the city grapples with new restrictions on online speech, American tech giants are on the front line of a clash between China and the United States over the internet’s future. As Hong Kong grapples with a draconian new security law, the tiny territory is emerging as the front line in a global fight between the United States and China over censorship, surveillance and the future of the internet.
BlueLeaks : Berlin saisit un serveur hébergeant des données sur des policiers américains
Technologie : Les autorités allemandes viennent de saisir le serveur à l’origine des BlueLeaks. Celui-ci avait publié plus de 269 Go de données et plus d’un million de fichiers concernant les forces de police américaines. Les autorités allemandes ont saisi ce mercredi un serveur web qui hébergeait BlueLeaks, un site web qui donnait accès à des documents internes volés aux services de police américains.
Italy and Romania take down cyber fraud ring generating €20 million per year in criminal profits
The Italian National Postal and Communication Police Unit (Polizia Postale e delle Comunicazioni) and the Romanian National Police (Poliția Română), supported by Europol and Eurojust, dismantled an organised criminal group involved in financial fraud, cybercrime and money laundering.
Cet ancien ingénieur de Yahoo échappe à la prison, il avait piraté 6 000 comptes pour y chercher du porno
Technologie : L’homme a été condamné à cinq ans de mise à l’épreuve, avec une peine de détention à domicile. Un ancien ingénieur de Yahoo a été condamné à cinq ans de probation et une peine de détention à domicile pour avoir piraté les comptes personnels de plus de 6 000 utilisateurs de Yahoo Mail afin de rechercher des images et des vidéos sexuellement explicites.
Russian hacker Yevgeniy Nikulin found guilty on most serious charges after years of legal wrangling – CyberScoop
A U.S. jury has found an accused Russian hacker guilty on charges that he hacked LinkedIn and Formspring in a pair of 2012 data breaches in which he stole credentials belonging to more than 100 million Americans. Yevgeniy Nikulin was found guilty after just hours of deliberation, roughly eight years after he first infiltrated the U.S.
FBI arrests Famous Instagrammer Ray Hushpuppi over $125m BEC scam
Roman Abbas, aka Ray Hushpuppi, is a famous Nigerian social media star and followed by millions on Instagram where he often posts about his lavish lifestyle. Perhaps this has landed him into trouble, as law enforcement authorities were skeptical of how he became super-rich, and further probe led to some startling revelations about the Nigerian Instagrammer.
L’identité du hacker Fxmsp dévoilée par un juge américain
L’identité d’un hacker connu pour avoir volé des informations à plus de 300 entreprises et gouvernements dans 44 pays a été dévoilée par un juge américain. L’homme d’origine kazakhe s’est fait un nom en piratant en 2019 plusieurs entreprises de cybersécurité. Fxmsp a commencé ses activités en 2016.
Divers
Le Royaume-Uni et l’Australie enquêtent sur Clearview AI, spécialisé dans la reconnaissance faciale
Dans un communiqué commun publié le 9 juillet, le Bureau du commissaire à l’information australien (OAIC) et le Bureau du commissaire à l’information britannique (ICO) ont annoncé lancer une enquête contre Clearview AI.
Le nouveau ransomware qui attaque Mac est encore plus dangereux que prévu
Si les virus sur Mac sont rares, ils ne sont pas non plus inexistants -contrairement aux idées reçues. Il y a quelques jours, le chercheur en sécurité Dinesh Devadoss évoquait l’existence d’un nouveau ransomware pour Mac baptisé EvilQuest/ThiefQuest.
Les Swiss Cyber Security Days de retour à Forum Fribourg en 2021
Forum Fribourg accueillera les Swiss Cyber Security Days (SCSD) les 10 et 11 mars 2021. Le thème de cette troisième édition de la plateforme suisse pour la cybersécurité sera « la promesse oubliée d’un Internet porteur de sens ».
1 Comment
Comments are closed.
Pingback: Veille Cyber N292 – 20 juillet 2020 |