mercredi , 30 septembre 2020
smartphone Twitter

Twitter piraté et la fin du Privacy Shield #veille (19 juil 2020)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

Database with 271 million Wattpad accounts leaked on hacker forum

It seems like selling hacked databases comprising of a treasure trove of authentic user info has become the new fad for cybercriminals. We recently reported about the leaked database containing personal details of around 142 million MGM Hotels’ customers being sold for as low as $2900 on the dark web.

142 million MGM customers’ data sold on dark web marketplace

In February 2020, Hackread.com reported a data breach targeted against MGM Resorts, in which over 10.6 million of its customers were affected. At that time, the data also contained information on guests like Justin Bieber and Twitter’s Jack Dorsey. However, as per the latest reports, the number of affected users is way higher than this.

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity.

Iranian cyberspies leave training videos exposed online | ZDNet

One of Iran’s top hacking groups has left a server exposed online where security researchers say they found a trove of screen recordings showing the hackers in action. Discovered by IBM’s X-Force cyber-security division, researchers believe the videos are tutorials the Iranian group was using to train new recruits.

Iran-linked hackers steal sensitive data from US Navy member, researchers say – CyberScoop

Allison Wikoff has spent years tracking suspected Iranian hackers, sifting through data they’ve left behind and analyzing their techniques. But in May, when her colleague stumbled upon a server with 40 gigabytes of the hackers’ training videos and online personas, Wikoff knew she had struck gold.

https://www.infosecurity-magazine.com/news/millions-logins-uk-ticket-site/

Millions of LiveAuctioneers passwords offered for sale following data breach * Graham Cluley

Researchers claim to have found evidence that cybercriminals are offering for sale a database containing the personal details of 3.4 million users of an online art and antiques auction website, as well as three million cracked passwords.

Citrix allegedly hacked exposing database with 2000,000 users

We come across data breaches every day due to lax security measures in place. Just an hour ago Hackread.com reported how a hacker has been selling 142 million MGM customers data and now an attacker is claiming that they hacked Citrix Systems. Citrix Systems, Inc.

Cyber-attaques / fraudes

Twitter accounts of Elon Musk, Bill Gates and others hijacked to promote crypto scam | ZDNet

A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, were breached on Wednesday. The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address in exchange for a larger pay back.

Cyber-attaque : que s’est-il vraiment passé cette nuit sur Twitter ?

Mercredi 15 juillet à partir de 22h, Twitter a connu l’un des pires jours de son histoire. En 14 ans, le réseau social à l’oiseau bleu n’avait jamais connu de tel scénario : en l’espace de 30 minutes, plus d’une dizaine de comptes parmi les plus influents de la tech, de la politique et du monde des crypto-monnaies ont été pris de contrôle par une personne ou un groupe de personnes malveillantes.

Russia Is Trying to Hack COVID-19 Vaccine Development

The U.S., U.K., and Canada say the same hackers who targeted the Democratic party during the 2016 election are now trying to “hinder” the fight against COVID-19

Diebold Nixdorf warns of a new class of ATM ‘black box’ attacks across Europe | ZDNet

ATM maker Diebold Nixdorf is warning banks of a new type of ATM “black box” attack that was recently spotted used across Europe. ATM “black box” attacks are a type of jackpotting attack — when cybercriminals make an ATM spit out cash.

New Android Malware Now Steals Passwords For Non-Banking Apps Too

Hackers are spreading a new modified Android banking malware app that targets not only baking apps but also steals credentials for social networking, dating, cryptocurrency, and other non-financial apps.

Report: CIA runs secret cyberwar with little oversight after Trump gave the OK, say US government officials

The CIA is running a secret cyberwar including Russian-style hack-and-leak operations with little or no oversight, US officials have warned. The covert operations are largely targeted at Iran, China, Russia, and North Korea, say anonymous sources, and have included the public disclosure of 15 million debit card details belonging to customers of Iranian banks, according to a report by Yahoo!

Hacker breaches security firm in act of revenge | ZDNet

A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches.

Failles / vulnérabilités

FBI Issues Cybersecurity Warning to Air Travelers

The Federal Bureau of Investigation has issued a warning to air travelers to be wary of bogus US airport websites when booking flights online. Cyber-supervisory special agent Conal Whetten spoke to members of the press on Wednesday to raise awareness regarding the creation of a number of websites cleverly faked to look like the real deal.

PoC exploits released for SAP Recon vulnerabilities, patch now!

Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are underway to exploit devices. Discovered by Onapsis, The RECON ( Remotely Exploitable Code On NetWeaver) vulnerability is tracked as CVE-2020-6287 and is rated with a maximum CVSS score of 10 out of 10.

Réglementaire / juridique

L’UE sabre le Privacy Shield, l’accord qui autorisait le transfert des données vers les Etats-Unis

C’était une décision très attendue. La Cour de justice de l’Union européenne invalide le 16 juillet le Privacy Shield, appelé aussi le bouclier de protection des données UE-Etats-Unis. Négocié entre 2015 et 2016, cet accord autorisait les entreprises européennes à transférer des données personnelles en outre-Atlantique, en reconnaissant que la législation américaine offrait les mêmes garanties que le droit européen.

LinkedIn Hacker Finally Found Guilty

A Russian hacker has finally been convicted of cyber-attacks on LinkedIn, Dropbox and Formspring which breached millions of customer accounts, after spending years in custody. Yevgeniy Nikulin, now 32, was arrested in 2016 in Prague and detained there for over a year while US and Russian officials submitted extradition requests.

Divers

Fitbit, Google Assistant, Alexa… L’UE se penche sur les pratiques anticoncurrentielles des assistants et objets connectés

La Commission européenne va enquêter sur les pratiques antitrust dans le secteur de l'IoT qui brasse des quantités gigantesques de données, parfois sensibles. Sont visées par cette procédure les entreprises commercialisant des montres connectées, des bracelets fitness, des assistants personnels, des télévisions connectées…

UK Bans Deployment of Huawei Technology Over Security Fears

UK Prime Minister Boris Johnson has ordered Huawei equipment to be removed completely from Britain’s 5G network by 2027. After the Chinese company had been previously approved to run the UK’s 5G network on a limited basis, the UK’s National Security Council has decided to ban the purchase of 5G components from the end of this year, and ordered the removal of all existing Huawei technology from the 5G network by 2027.

US Army Seeks Cryptocurrency Tracing Tools

The United States Army has expressed interest in kitting out its principal investigative division with cryptocurrency tracing tools. In a Statement of Work ( SOW) published July 10, the Army’s Criminal Investigation Command’s Major Cybercrime Unit (MCU) began the process of welcoming bids from contractors.

About Marc Barbezat

Blogueur et spécialiste en cybersécurité

Check Also

kit premier secours

Un guide du NIST pour se rétablir après une attaque de ransomware

Le NIST a publié un guide pratique sur la cybersécurité que les entreprises peuvent utiliser pour se remettre d'attaques de type ransomware

Un dealer du darknet trahi … par ses empreintes digitales

Voici le récit intéressant qui montre comment un e-baron de la drogue est tombé grâce à une simple photographie.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

La newsletter