Des hackers russes poursuivis pour des cyberattaques majeures #veille (25 oct 2020)

In Carnet de veille
Déroulez ici

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

Leaky Pharma Giant Database Exposes Personal Information of US…

Pharmaceutical giant Pfizer has been exposing private medical information of US prescription-drug users for months, according to vpnMentor’s cybersecurity research team. The sensitive data was stored on a misconfigured Google Cloud Storage bucket. Researchers even found some information dating back to October 2018, speculating that the database could have been accessible for nearly two years.

Major Data Breach at Ohio School District

Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online. According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.

Cyberattaques / fraudes

French IT giant Sopra Steria hit by Ryuk ransomware

French IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of their network with the Ryuk ransomware. Sopra Steria is a European information technology company with 46,000 employees in 25 countries worldwide. The company provides a wide range of IT services, including consulting, systems integration, and software development.

Montreal’s Public Transport Service Hit by Ransomware Attack

Société de transport de Montréal (STM) has suffered a ransomware attack that crippled most of its computer systems, the public transport agency disclosed earlier this week. As of Monday afternoon, the STM website was inaccessible, and users… #cyberattack #MontrealPublicTransport #ransomwareattack

US govt: Iran behind fake Proud Boys voter intimidation emails

The US govt has stated that Iran is behind threatening emails sent to Democratic voters warning that they must vote for Trump or face consequences. Over the past two days, voters registered as Democrats in Florida and Alaska have received voter intimidation emails claiming to be from the far-right group known as the Proud Boys.

Botnet Infects Hundreds of Thousands of Websites

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence. A botnet focused on cryptomining, spamming, and defacement has infected hundreds of thousands of websites running popular content management systems (CMSes), such as WordPress, Joomla, Magneto, and Drupal, according to online security firm Imperva.

Failles / vulnérabilités

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China. Chinese state-sponsored cyber activity is “one of the greatest threats” to US National Security Systems, the US Defense Industrial Base, and Department of Defense information networks, the NSA writes in its advisory.

WordPress sites receive update to security plugin after vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites.

Réglementaire / juridique

L’étau se resserre sur le cybergang russe Sandworm – Le Monde Informatique

Inculpés par la justice américaine de conspiration, notamment pour fraude et endommagement de systèmes informatiques, ainsi que de vol d’identité aggravé, 6 membres du groupe de cybercriminels russes Sandworm sont recherchés. Parmi leurs précédentes cibles : les JO 2018 de Pyeongchang et la campagne des présidentielles françaises 2017.

U.S. Charges Russian Intelligence Officers in Major Cyberattacks

Prosecutors said the suspects hacked elections in France, the electricity grid in Ukraine and the 2018 Winter Olympics in Pyeongchang, South Korea. The Justice Department on Monday unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign that caused mass disruption and cost billions of dollars by attacking targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics.

EU sanctions Russian hackers over 2015 German parliament attack

The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag).

US Treasury hits bitcoin mixer with $60 million penalty

The US Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) today announced the first-ever penalty against a Helix and Coin Ninja cryptocurrency mixing services. FinCEN assessed a $60 million civil money penalty against Larry Dean Harmon, the founder and operator of the Helix and Coin Ninja cryptocurrency tumblers, for violating the Bank Secrecy Act (BSA) and its regulations while operating the two services as unregistered money services businesses (MSB).

Divers

Ces hackers reversent une partie de leur butin à des œuvres caritatives

Les ransomwares rapportent très gros. Ainsi, rien que pour les États-Unis, le FBI estime que ce type d’attaque a généré plus de 140 millions de dollars au cours des dix dernières années. En France, l’Agence nationale de la sécurité des systèmes d’information ( Anssi) est déjà intervenue 104 fois cette année pour régler des attaques au rançongiciel.

McAfee lève 740 millions de dollars à l’occasion de son retour en Bourse

Dans un récent communiqué, McAfee a annoncé qu’il avait levé plus de 740 millions à l’occasion de son introduction en Bourse. Il est précisé que 37 millions d’actions ont été vendues pour 20 dollars chacune, sachant que l’entreprise a vendu 31 millions d’actions, contre 7 millions pour ses actionnaires.

1 Comment

Comments are closed.

La newsletter