Un hold-up de 150 Mios $ et le code de Windows XP dans la nature #veille (27 sept. 2020)

In Carnet de veille
Déroulez ici

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

Windows XP source code leaked online, on 4chan, out of all places | ZDNet

The source code for Windows XP, Windows Server 2003, and other Microsoft operating systems have been published online this week. The OS sources were leaked online as a 42.9 GB torrent file on 4chan, an online message board often frequented by trolls and extremist groups.

Biélorussie : des hackers diffusent les informations personnelles de 1.000 policiers

Alors que le pouvoir s’enfonce dans une réponse de plus en plus autoritaire en s’en prenant violemment aux manifestants pacifiques des hackers organisent une contre-attaque à base de publication de données personnelles.

India’s COVID-19 surveillance tool exposed millions of user data

A research report from VPNmentor revealed that a COVID-19 surveillance tool dubbed Surveillance Platform Uttar Pradesh COVID-19 was compromised on August 1st, leading to a massive data breach. According to researchers, various vulnerabilities were exploited to compromise the surveillance platform, but the primary reason behind the breach was a severe lack of security.

Details of 540,000 sports referees taken in failed ransomware attack | ZDNet

A company that provides software for sports leagues to manage referees and game officials has disclosed a security incident that impacted around 540,000 of its registered members – consisting of referees, league officials, and school representatives. ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year.

Louis Vuitton fixes data leak and account takeover vulnerability

Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets. Founded in 1854, Louis Vuitton is a prominent luxury French fashion brand and merchandise company with over 121,000 employees and a $15 billion annual revenue.

Strava app shows your info to nearby users unless this setting is disabled

Popular running and cycling app Strava can expose your information to nearby strangers, which has sparked privacy concerns among its users. After learning of this information sharing feature, some fear this functionality can be abused for stalking and “predatory” motives.

U.S. fitness chains suffer data breach affecting 600K customers

New York fitness chain Town Sports has suffered a data breach after a database containing the personal information of over 600,000 people was exposed on the Internet. Town Sports International is the owner of well-known United States fitness centers and gyms, including New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, and Total Woman Gym and Spa.

Cyber-attaques / fraudes

KuCoin cryptocurrency exchange hacked for $150 million | ZDNet

Singapore-based cryptocurrency exchange KuCoin disclosed today a mega hack. In a statement posted on its website, the company confirmed that a threat actor breached its systems and emptied its hot wallets of all funds. Hot wallets are cryptocurrency management apps that are connected to the internet. Cold wallets are stored offline.

CISA says a hacker breached a federal agency | ZDNet

A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday. The name of the hacked federal agency, the date of the intrusion, or any details about the intruder, such as an industry codename or state affiliation, were not disclosed.

Covid-19: Des hackers chinois volent des données liées à la recherche vaccinale espagnole

Des pirates chinois ont réussi à dérober des données appartenant à des laboratoires espagnols spécialisés dans la recherche vaccinale contre le Covid-19, rapporte le quotidien espagnol le 18 septembre. Une campagne particulièrement “virulente” Paz Estéban, la directrice du Centre national de renseignement espagnol, a indiqué que cette campagne était particulièrement ” virulente” et ciblait ” des secteurs sensibles tels que la santé et la fabrication de médicaments”.

Government software provider Tyler Technologies hit by ransomware

Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations. Tyler Technologies is one of the largest U.S. software development and technology services companies dedicated to the public sector. With a forecasted $1.2 billion in revenue for 2020 and 5,500 employees, Tyler Technologies provides technical services for local governments in many states in the USA.

Ray-Ban owner Luxottica confirms ransomware attack, work disrupted

09/22 update is added below. This post was originally published on September, 21st, 2020. Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China. Luxottica is the world’s largest eyewear company that employs over 80,000 people and generated 9.4 billion in revenue for 2019.

Russian hackers use fake NATO training docs to breach govt networks

Russian cyber espionage group known by names, Fancy Bear and APT28 has been behind a targeted attack campaign aimed at government bodies. The group delivers a hard-to-detect strand of Zebrocy Delphi malware under the pretense of providing NATO training materials.

Ukraine National Police website down after hacker intrusion

The official website of the Ukraine National Police has been temporarily shut down after authorities identified hacker intrusion earlier this morning. In a Facebook post, the National Police acknowledged the incident and revealed that the unknown hacker published inaccurate information on some of the websites operated by different regional police departments.


Le cheval de Troie bancaire ” Alien “, nouveau cauchemar des utilisateurs Android

Les malwares sous Android sont en perpétuel renouvellement. A peine Cerberus, le fameux cheval de Troie bancaire, est-il parti en retraite qu’un autre se place sur le devant de la scène. Baptisé ” Alien “, ce nouveau cauchemar des utilisateurs Android, a été détecté et analysé par les chercheurs en sécurité de ThreatFabric.

Failles / vulnérabilités

US govt orders federal agencies to patch dangerous Zerologon bug by Monday | ZDNet

The Department of Homeland Security’s cybersecurity division has ordered federal civilian agencies to install a security patch for Windows Servers, citing ” unacceptable risk” posed by the vulnerability to federal networks. The DHS order was issued via an emergency directive, a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions.

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. In an email seen by BleepingComputer, Twitter explains that a developer’s browser may have cached the sensitive data when visiting certain pages on developer.twitter.com.

Hackers sell access to your network via remote management apps

Remote monitoring and management (RMM) software is starting to get attention from hackers as these types of tools provide access to multiple machines across the network.

Réglementaire / juridique


Arrested: ‘4 most active hackers’ involved in SIM Swap, malware attacks

In March 2020, it was reported that Europol busted a sim-swapping network working across Europe. Now, four suspected hackers have been arrested by the Polish Police Centre Bureau of Investigation (Centralne Biuro Śledecze Policji). The arrests are a result of a countrywide crackdown against cybercriminals. The detained individuals are allegedly part of coordinated cybercrime campaigns.

Student Arrested Over Cyber-attacks on Indiana Schools

A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system. The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools.

German authorities probe hospital ransomware attack as a homicide, reports say

German prosecutors last week opened a homicide investigation into a deadly ransomware incident on a university hospital, according to multiple German media reports. If confirmed, it would be the first documented case of a death stemming, directly or indirectly, from a cyberattack, analysts say.

Cinq ans de prison pour un hacker qui avait piraté une célèbre clinique de chirurgie esthétique

Lors de son procès, l’homme a éclaté en sanglots et promis qu’il ne toucherait plus jamais un ordinateur.

Polish police shut down major group of hackers in the country

Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the behest of paying customers. The gang, composed of four suspects, in believed to be among the most active groups in the country.


German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed

FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher Gmbh. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) – including activists, journalists, and dissidents with the use of FinSpy in many countries, including Bahrain, Ethiopia, UAE, and more.


1 Comment

Comments are closed.

La newsletter