Images from hacked personal webcams distributed on adult websites #veille (18 Oct 2020)

Here is this week's monitoring report, covering the most interesting news. Some of these items will be developed further in upcoming articles. Happy reading and have a great week!

Data theft / loss

Home security cams hacked in Singapore, and stolen footage sold on adult websites – Bitdefender

* Unsecured home security cameras hijacked
* Stolen images circulate on Discord
* Everyone needs to take IoT security more seriously

In Singapore it’s not at all uncommon today for people to have IP cameras all over their homes. And, of course, the more people who installed internet-connected cameras throughout their private residences the more …

Barnes & Noble cyber incident could expose customer shipping addresses, order history – CyberScoop

Written by Shannon Vavra Oct 15, 2020 | CYBERSCOOP Barnes & Noble told customers it was the victim of a cyberattack that led to “unauthorized and unlawful access” of its corporate systems. Barnes & Noble didn’t detail the entire nature of the “cybersecurity attack” in its email Wednesday, but confirmed that customers’ shipping addresses, billing addresses, email addresses and phone numbers could have been exposed.

Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm

Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack. Hackers have stolen nearly a terabyte of data from a Miami-based tech firm, leaking a number of the pilfered files (including full credit-card information, scans of sensitive documents such as passports, bank statements and financial documents, and even customer databases) on a Russian hacker forum.

Breach at Dickey’s BBQ Smokes 3M Cards

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.

Cyberattacks / fraud

Norway says Russian hackers carried out breach at parliament

Russian state-sponsored hackers were behind a breach of the Norwegian parliament in August in which attackers stole data from lawmakers’ email accounts, Norwegian officials alleged on Tuesday. “This is a very serious incident, affecting our most important democratic institution,” Norway Foreign Affairs Minister Ine Eriksen Søreide said in a statement.

A fake-update scam made it possible to steal 22 million dollars in bitcoin

Security: Cybercriminal groups are sending fake updates to Electrum wallet owners, installing malware and stealing users’ funds. A simple technique has allowed cybercriminal groups to steal more than 22 million dollars in cryptocurrency from users of the Electrum wallet application; a ZDNet investigation uncovered this technique.

Google details tactics of Chinese hackers who targeted Biden campaign

Google on Friday offered new details on tactics used by alleged Chinese government-linked hackers who previously targeted Democratic presidential nominee Joe Biden’s campaign, while warning that multiple state-linked hacking groups continue to show an interest in the U.S. election.

Android ransomware learns new tricks to lock devices

Microsoft security experts claim to have uncovered the latest trick being used by Android ransomware. In a blog post, the Microsoft 365 Defender Research Team details how a new ransomware variant has found a new way to subvert Android’s built-in protection mechanisms to lock devices and hold them to ransom.

Iranian APT group hits schools, universities in global spear phishing attacks

The IT security researchers at Malwarebytes and Peter Kruse from the CSIS Security Group have reported on an Iranian APT (advanced persistent threat) group also known as Silent Librarian, TA407, and COBALT DICKENS that has been targeting schools and universities around the world with spear phishing attacks.

Software AG Continues Efforts Against $20M Ransomware Attack

Software AG, Germany’s second-largest software company (after SAP) continues to struggle with a ransomware attack that has evolved into an extortion bid carrying a $20 million payoff demand. The attack began on October 3 as a ransomware attack in which the attackers demanded the unusually high ransom in return for a decryption key.

Flaws / vulnerabilities

Microsoft and Other Tech Companies Take Down TrickBot Botnet

The Joint Collaboration, US Government, Microsoft and Other Tech Companies Take Down TrickBot Botnet.

Hackers used VPN flaws to access US govt elections support systems

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure.

Singapore tightens security requirements for new home routers | ZDNet

Come April 13 next year, home routers will have to meet new security requirements before they can be put up for sale in Singapore. These include unique login credentials and default automatic downloads of security patches.

Regulatory / legal

Morgan Stanley fined 60 M$ for poorly protecting its customer data – Le Monde Informatique

The US Treasury’s oversight office considers that Morgan Stanley did not sufficiently monitor the subcontractors tasked with decommissioning two of its datacenters in the United States in 2016. A failure repeated 3 years later on another infrastructure shutdown. The bank receives a fine of 60 000 M$.

German authorities raid FinFisher offices | ZDNet

German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. The raids took place earlier this month, on October 6 and October 8, and were ordered by the Munich Public Prosecutor’s Office.

British Airways fined £20m over data breach

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” said Information Commissioner Elizabeth Denham.

New York faults Twitter for lax security measures prior to big account breach

The scammers who hijacked celebrity Twitter accounts to promote cryptocurrency in July did so by posing as a customer support team in a breach that caught Twitter’s security team flat-footed, a New York regulator said in a report Wednesday.

The Tech4Trust accelerator selects more than twenty start-ups for its second edition

Dedicated to digital trust and now part of the Trust Valley initiative, the Tech4Trust accelerator has selected 27 start-ups for its second edition. The selected young companies are active in the fields of cybersecurity, blockchain, privacy protection and traceability.

A facial recognition system unique in the world makes its debut in Singapore

It’s official: Singapore’s 5 million inhabitants will now access government services using a facial recognition system, a world first. While the government hails this major technological advance, some human rights advocates are concerned about its hidden uses.

Residents of the city-state now use it to file their tax return or apply for housing
