Trois cyberattaques ont ciblé sept fabricants de vaccins COVID-19 #veille (15 nov 2020)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

un petit clic pour ma veille

Vol / perte de données

Hotel Booking Firm Leaks Data on Millions of Guests

A hotel software provider has exposed the personal data of millions of guests around the world after misconfiguring an AWS bucket, according to a new report from Website Planet. The tech site’s security team discovered an exposed cloud database belonging to Spanish developer Prestige Software, whose platform enables hotels to automate their availability on booking websites like Expedia.

Data Breach Hits 28 Million Texas Drivers

A breach at an insurance software company has resulted in the compromise of 27.7 million personal and driver’s license details in Texas. Vertafore claimed in a notification this week that, due to human error, three files were stored in an unsecured third-party service which was subsequently accessed without authorization.

Mashable Customer Data Leaked Online

Data belonging to users of American culture and technology news website Mashable has been leaked on the internet. In a statement released Sunday, November 8, Mashable confirmed that a hacker had obtained a copy of one of its databases and published it online. The site launched an investigation after learning of the attack on November 4.

Image stock site 123RF hacked; 8.3M user database leaked

The highly popular Image stock site has been hacked and as a result, its database with 8.3 million users has been leaked on an infamous hacker forum for download. 123RF is part of Chicago, Illinois based Inmagine Group. The website is an industry giant known for selling royalty-free images to customers which include individuals and businesses around the globe.

Trump lawsuit site to report ‘rejected votes’ leaked voter data

The website just launched by the Trump campaign in relation to the recently filed Arizona « rejected votes » lawsuit was discovered to be leaking voter data. The data included the voter name, address, and a unique identifier. However, reports have surfaced of users alleging the website has SQL Injection flaws that make it possible to collect a voter’s SSN and date of birth.

Hacker shares 3.2 million Pluto TV accounts for free on forum

A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach. Pluto TV is an Internet television service that lets you stream free TV shows with advertisements. The service has over 28 million members, and its mobile apps have been installed over 10 million times.

Cyber-attaques / fraudes

Microsoft says three APTs have targeted seven COVID-19 vaccine makers | ZDNet

Microsoft says it detected three state-sponsored hacking operations (also known as APTs) that have launched cyber-attacks on at least seven prominent companies involved in COVID-19 vaccines research and treatments. Cyberwar and the Future of Cybersecurity Today’s security threats have expanded in scope and seriousness.

Le ransomware Ragnar Locker s’offre des pubs sur Facebook – Le Monde Informatique

Pour accentuer la pression sur sa victime, le gang derrière le ransomware Ragnar Locker s’est offert des publicités sur Facebook, via un compte piraté, pour la menacer de divulguer les données volées. Si les gangs de ransomwares travaillent pour améliorer la technique et le ciblage de leurs attaques, ils s’assurent aussi par tous les moyens du paiement de la rançon.

Le ransomware Ryuk paralyse le géant des fournitures de bureau Steelcase – Le Monde Informatique

Touché par le ransomware Ryuk fin octobre 2020, le poids-lourd des fournitures de bureau Steelcase a indiqué avoir été contraint de mettre à l’arrêt la totalité de ses systèmes de gestion, fabrication et de distribution pendant 2 semaines Le ransomware Ryuk a encore frappé.

Failles / vulnérabilités

DNS cache poisoning attacks return due to Linux weakness

Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks. The findings reopen a vulnerability that had been discovered by Kaminsky in 2008 and thought to have been resolved.

Alleged source code of Cobalt Strike toolkit shared online

The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit that allows attackers to deploy « beacons » on compromised devices to remotely « create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system. »

Le ransomware RansomEXX s’attaque maintenant aux systèmes Linux – Le Monde Informatique

Particulièrement actif depuis quelques mois, le ransomware RansomEXX a connu une évolution de son code permettant de compromettre désormais des systèmes Linux. Les systèmes Windows ne sont pas les seules cibles des cyperbirates et de leurs campagnes d’hameçonnage.

Réglementaire / juridique

Widely used illegal streaming platform switched off from Switzerland

Europol supported law enforcement from France, Germany, Monaco, the Netherlands and Switzerland to take down an organised crime group involved in intellectual property crime. Eleven servers taken down in four countries On the action day, law enforcement officers seized eleven servers in France, Germany, the Netherlands and Switzerland.

La Federal Trade Commission épingle Zoom pour ses pratiques « trompeuses » en matière de sécurité

Zoom évite de justesse des poursuites. La Federal Trade Commission vient de conclure un accord avec l'entreprise éditrice d'un logiciel de visioconférence qui l'oblige à revoir ses pratiques en matière de sécurité. L'agence en charge du droit de la consommation affirme que Zoom a trompé ses utilisateurs, en particulier sur le chiffrement de bout en bout.

Terrorisme : l’Union européenne pourrait interdire le chiffrement

La radio autrichienne ORF affirme que le Conseil de l’Union européenne a adopté un projet de résolution qui obligerait les opérateurs de messagerie sécurisée tels que WhatsApp et Signal à autoriser les services des renseignements à accéder aux conversations chiffrées par des « portes dérobées », pour lutter contre le terrorisme et la pédopornographie, entre autres.

Finland Drafting New Legislation Following Cyber-Attack on Psychotherapy Center

The government of Finland is responding to a cybersecurity incident disclosed in October that left up to 40,000 Finns at risk of identity theft, fraud and extortion. The widely reported cyber-attack on psychotherapy center Vastaamo last month has convinced Finnish officials to usher in new legislation to « allow citizens to change their personal identity codes in cases of gross data breaches that carry a high risk of identity theft, » the AP reports.

Ex-missile systems worker jailed for breaching Official Secrets Act after last-second guilty plea

The former BAE Systems worker accused of sending details of a UK missile system to hostile foreign powers and of ignoring police demands to hand over his device passwords, has been jailed.

Former Microsoft engineer sentenced to nine years in prison for stealing $10 million | ZDNet

A former Microsoft software engineer that was convicted for stealing more than $10 million from the company has been sentenced to nine years in prison. The judgment, made by a jury, found that the charged individual, Volodymyr Kvashuk, committed 18 felonies.


Swiss spies knew about Crypto AG compromise – and kept it from govt overseers for nearly 30 years

Swiss politicians only found out last year that cipher machine company Crypto AG was (quite literally) owned by the US and Germany during the Cold War, a striking report from its parliament has revealed.

UK launches cyber-operation against Russian disinformation on COVID-19 vaccine, report says – CyberScoop

The United Kingdom’s equivalent of the National Security Agency is actively trying to disrupt Russian attempts to cast doubt about attempts to develop a reliable coronavirus vaccine, the Times of London reported early Monday. The U.K.’s Government Communications Headquarters (GCHQ) is using digital tools originally developed to tackle online propaganda and recruitment material from the Islamic State, sources told the newspaper.

Microsoft urges users to stop using call & SMS-based multi-factor authentication | ZDNet

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys. Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Veilleur et spécialiste en cybersécurité

Comments are closed.