A $150 million heist and the Windows XP source code in the wild #veille (27 Sept. 2020)
Marc Barbezat, 1 day ago, in Carnet de veille (security watch log)
Here is this week's watch report, a tour of the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading and have a good week!
Data theft / loss
The source code for Windows XP, Windows Server 2003, and other Microsoft operating systems has been published online this week. The OS sources were leaked online as a 42.9 GB torrent file on 4chan, an online message board often frequented by trolls and extremist groups.
As the regime sinks into an increasingly authoritarian response, violently attacking peaceful demonstrators, hackers are organising a counter-attack based on publishing personal data.
A research report from VPNmentor revealed that a COVID-19 surveillance tool dubbed Surveillance Platform Uttar Pradesh COVID-19 was compromised on August 1st, leading to a massive data breach. According to researchers, various vulnerabilities were exploited to compromise the surveillance platform, but the primary reason behind the breach was a severe lack of security.
A company that provides software for sports leagues to manage referees and game officials has disclosed a security incident that impacted around 540,000 of its registered members – consisting of referees, league officials, and school representatives. ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year.
Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets. Founded in 1854, Louis Vuitton is a prominent luxury French fashion brand and merchandise company with over 121,000 employees and a $15 billion annual revenue.
Popular running and cycling app Strava can expose your information to nearby strangers, which has sparked privacy concerns among its users. After learning of this information sharing feature, some fear this functionality can be abused for stalking and “predatory” motives.
New York fitness chain Town Sports has suffered a data breach after a database containing the personal information of over 600,000 people was exposed on the Internet. Town Sports International is the owner of well-known United States fitness centers and gyms, including New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, and Total Woman Gym and Spa.
Cyber-attacks / fraud
Singapore-based cryptocurrency exchange KuCoin disclosed today a mega hack. In a statement posted on its website, the company confirmed that a threat actor breached its systems and emptied its hot wallets of all funds. Hot wallets are cryptocurrency management apps that are connected to the internet. Cold wallets are stored offline.
A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday. The name of the hacked federal agency, the date of the intrusion, or any details about the intruder, such as an industry codename or state affiliation, were not disclosed.
Chinese hackers managed to steal data belonging to Spanish laboratories specialising in Covid-19 vaccine research, the Spanish daily reported on 18 September. A particularly “virulent” campaign: Paz Estéban, director of Spain's National Intelligence Centre, said the campaign was particularly “virulent” and targeted “sensitive sectors such as health and pharmaceutical manufacturing”.
Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations. Tyler Technologies is one of the largest U.S. software development and technology services companies dedicated to the public sector. With a forecasted $1.2 billion in revenue for 2020 and 5,500 employees, Tyler Technologies provides technical services for local governments in many states in the USA.
09/22 update is added below. This post was originally published on August 21st, 2020. Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China. Luxottica is the world’s largest eyewear company; it employs over 80,000 people and generated 9.4 billion in revenue for 2019.
The Russian cyber espionage group known by the names Fancy Bear and APT28 has been behind a targeted attack campaign aimed at government bodies. The group delivers a hard-to-detect strain of Zebrocy Delphi malware under the pretense of providing NATO training materials.
The official website of the Ukraine National Police has been temporarily shut down after authorities identified hacker intrusion earlier this morning. In a Facebook post, the National Police acknowledged the incident and revealed that the unknown hacker published inaccurate information on some of the websites operated by different regional police departments.
A cyber-attack that caused a German hospital to refuse treatment to a woman who subsequently died has been linked to a Russian ransomware gang. Attackers struck Düsseldorf University Clinic (DUC) on the night of Thursday, September 10, gaining access by exploiting a vulnerability in some commercially available Citrix software.
Android malware is constantly being renewed. Cerberus, the notorious banking trojan, has barely retired before another takes centre stage. Dubbed “Alien”, this new nightmare for Android users has been detected and analysed by security researchers at ThreatFabric.
Flaws / vulnerabilities
The Department of Homeland Security’s cybersecurity division has ordered federal civilian agencies to install a security patch for Windows Servers, citing the “unacceptable risk” posed by the vulnerability to federal networks. The DHS order was issued via an emergency directive, a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions.
Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. In an email seen by BleepingComputer, Twitter explains that a developer’s browser may have cached the sensitive data when visiting certain pages on developer.twitter.com.
Remote monitoring and management (RMM) software is starting to get attention from hackers as these types of tools provide access to multiple machines across the network.
Regulatory / legal
It is a large-scale operation, “the biggest” that the US Department of Justice has helped carry out. DisrupTor, named in reference to the well-known dark web browser, led to the arrest of 179 online drug dealers; more than 500 kg of narcotics were seized, while $6.5 million in cash and cryptocurrency was recovered.
In March 2020, it was reported that Europol busted a sim-swapping network working across Europe. Now, four suspected hackers have been arrested by the Polish Police Centre Bureau of Investigation (Centralne Biuro Śledecze Policji). The arrests are a result of a countrywide crackdown against cybercriminals. The detained individuals are allegedly part of coordinated cybercrime campaigns.
A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system. The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools.
German prosecutors last week opened a homicide investigation into a deadly ransomware incident on a university hospital, according to multiple German media reports. If confirmed, it would be the first documented case of a death stemming, directly or indirectly, from a cyberattack, analysts say.
At his trial, the man broke down in tears and promised he would never touch a computer again.
Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the behest of paying customers. The gang, composed of four suspects, is believed to be among the most active groups in the country.
Miscellaneous
FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher GmbH. Since 2011, researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) – including activists, journalists, and dissidents – with the use of FinSpy in many countries, including Bahrain, Ethiopia, the UAE, and more.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness of the potential threat posed by attempts to spread disinformation regarding the results of the 2020 elections.
