1 billion in Bitcoins seized and the Maze cybercriminals close up shop #veille (8 Nov 2020)

Here is this week's monitoring report, rounding up the most interesting news items. Some of them will be developed further in upcoming articles. Enjoy the read and have a good week!


Data theft / loss

34M Records from 17 Companies Up for Sale in Cybercrime Forum

A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove. A whopping 34 million user records have materialized on an underground sales forum, which cybercriminals claim are gleaned from 17 different corporate data breaches.

Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen

Japanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1TB of sensitive data from their corporate networks in the US, Japan, and Canada. Capcom is well-known for its iconic game franchises, including Street Fighter, Resident Evil, Devil May Cry, Monster Hunter, and Mega Man.

23,600 hacked databases have leaked from a defunct ‘data breach index’ site | ZDNet

More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from, a private service advertised on hacking forums to other cybercriminals.

Hotel reservation platform leaked user data from top online booking sites

A Barcelona, Spain-based software firm called Prestige Software has been caught exposing sensitive, private, and financial data of millions of customers around the globe. In particular, customers from, Expedia, Agoda, Amadeus,, Hotelbeds, Omnibees, Sabre, and several others are among the unsuspected victims of the data breach.

GitHub was not hacked, or almost not – Le Monde Informatique

Yesterday, a developer and hacktivist claimed that GitHub's source code had been exposed. GitHub's CEO stepped in to deny any hack, even though the source code of GitHub Enterprise Server appears to have leaked by accident.

Health Practice Loses Patient Data in Ransomware Attack, Tells Clients to Call Before Visiting

Alamance Skin Center, a Cone Health practice in Burlington in the US state of North Carolina, has disclosed a ransomware attack that left patient data "unrecoverable." Alamance Skin Center was attacked in late July, yet parent company Cone Health is only disclosing the incident this week.

Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple

A massive data breach suffered by Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software, Inc. develops commercial software used to create, edit, sign, and secure Portable Document Format (PDF) files and digital documents.

FBI: Hackers stole source code from US government agencies and private companies | ZDNet

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public this week on its website.

Cyberattacks / fraud

Maze ransomware gang says it has quit the cybercrime business

A press release on the website of a notorious cybercrime gang, who stole data from organisations and demanded a ransom be paid for its safe return, says that it is closing down.

Campari Group on the Rocks After Ransomware Attack

Beverage giant Campari Group has become the latest big-name brand to suffer an apparent ransomware attack forcing IT services offline. The Italian firm issued a statement on Tuesday claiming it was hit by a malware attack "presumably" on Sunday November 1.

US private prison, detention centers operator hit by ransomware attack

The Geo Group suffered a ransomware attack on August 19, in which health information and personal data of residents and inmates at the Marienville, Pennsylvania-based youth facility, a South Bay Correction and Rehabilitation Facility in Florida, and a non-operational facility in California was exposed.

Brazil’s court system under massive RansomExx ransomware attack

Brazil's Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. "The Superior Court of Justice (STJ) announces that the court's information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes' judgment sessions took place," STJ President Humberto Martins said in an official statement on the Supreme Federal Court's website.

Linux version of RansomEXX ransomware discovered | ZDNet

Security firm Kaspersky said today that it discovered a Linux version of the RansomEXX ransomware, marking the first time a major Windows ransomware strain has been ported to Linux to aid in targeted intrusions. RansomEXX is a relatively new ransomware strain that was first spotted earlier this year in June.

Ryuk ransomware behind one third of all ransomware attacks in 2020 – Help Net Security

There's a growing use of ransomware, encrypted threats and attacks among cybercriminals leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter, SonicWall reveals. "For most of us, 2020 has been the year where we've seen economies almost stop, morning commutes end and traditional offices disappear," said Bill Conner, President and CEO, SonicWall.

New Pay2Key ransomware encrypts networks within one hour

A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation. Michael Gillespie, the creator of ID Ransomware, has also seen submissions from Pay2Key victims predominantly from Brazilian IP addresses.

Flaws / vulnerabilities

Google discloses actively exploited Windows zero-day (CVE-2020-17087) – Help Net Security

Google researchers have made public a Windows kernel zero-day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw (CVE-2020-15999) that was patched on October 20. CVE-2020-17087 is a vulnerability in the Windows Kernel Cryptography Driver, and "constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)."

New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities

Security researchers have discovered a new worm and botnet dubbed Gitpaste-12, named for its usage of GitHub and Pastebin to host component code and the 12 known vulnerabilities it exploits to compromise systems. The Juniper Threat Labs research team detected the first Gitpaste-12 attacks on Oct.

A configuration problem exposes the passwords of two million marijuana growers

The passwords of users of the GrowDiaries service were stored using the weak MD5 hash function, which exposed customer accounts to attacks. GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other growers, suffered a security breach in September of this year.

Regulatory / legal

Hacker was identified after the theft of $24 million from Harvest Finance

A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users find the farming opportunities that will maximize their yield (APY) returns. The hack took place earlier today and was almost immediately confirmed by Harvest Finance administrators in messages posted on the company's Twitter account and Discord channel.
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file

A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL , makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site's MySQL database.

Apple will require apps to display the private information they collect starting December 8

Apple is going to help you see more clearly how app developers and publishers use your data. Starting next month, Cupertino is putting this into practice: it is making it mandatory to declare and publish on its App Store the type of information that apps collect when you use them.

Amazon Fires Employee For Leaking Customer Data

The retail giant doesn't disclose how many customers have been affected; users should be on their guard against fraudulent and phishing emails. Multiple Amazon customers turned to social media to describe how they had received a notification from the online retail giant that their email addresses have been leaked to an unnamed third party.
