Cyberattacks to create truly dangerous viruses #veille (6 Dec 2020)

Here is this week's watch report, covering the most interesting news. Some of these items will be developed further in upcoming articles. Happy reading and have a great week!

Data theft / loss

Data of 243 million Brazilians exposed online via website source code | ZDNet

The personal information of more than 243 million Brazilians, including alive and deceased, has been exposed online after web developers left the password for a crucial government database inside the source code of an official Brazilian Ministry of Health’s website for at least six months.

The password to access a highly sensitive Ministry of Health database was stored inside a government site’s source code.

French Apodis Pharma leaking 1.7+ TB of confidential data

Original post @ https://cybernews.com/security/french-pharmaceuticals-distribution-platform-leaking-1-7-tb-confidential-data/ The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing confidential data belonging to Apodis Pharma, a software company based in France. Apodis Pharma is a company that offers a digital supply chain management platform and other software solutions created for pharmacies, healthcare institutions, pharmaceutical laboratories, and health insurance companies.

Cayman Islands Bank Records Exposed in Open Azure Blob

An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs. A Cayman Island investment firm has removed years of backups, which up until recently were easily available online thanks to a misconfigured Microsoft Azure blob.

A hacker is reselling the personal data of top executives on a Russian-speaking forum

One can read that a hacker is currently running a vast operation reselling email and password combinations for Office 365 accounts on a Russian-speaking forum. He targeted C-suite addresses, that is, the personal data of senior executives such as chief financial officers, chief marketing officers, chief executive officers, etc.

Cyberattacks / fraud

Hackers Target Covid-19 Vaccine Distribution ‘Cold Chain,’ Though Motives Remain Unknown

Hackers “assumed to be state agents” have been waging a phishing campaign against pharmaceutical firms and other institutions involved in the forthcoming distribution of a vaccine against the novel coronavirus, IBM announced on Thursday.

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins | ZDNet

A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. On Monday, academics from the Ben-Gurion University of the Negev described how “unwitting” biologists and scientists could become victims of cyberattacks designed to take biological warfare to another level.

Software used to design and manage synthetic DNA projects may also be susceptible to man-in-the-browser attacks that can be used to inject arbitrary DNA strings into genetic orders, facilitating what the team calls an “end-to-end cyberbiological attack.”

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers

The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data. Manchester United, an English Premier League stalwart and a football club with a huge worldwide fanbase, has been targeted by a cyberattack.

North Korean hackers ramp up coronavirus vaccine targeting – CyberScoop

Written by Shannon Vavra Dec 2, 2020 | CYBERSCOOP North Korean hackers have been on a bit of a coronavirus vaccine hacking spree. An espionage shop with suspected ties to the North Korean government has been working to breach multiple pharmaceutical companies working on coronavirus treatments in the U.S.

Vancouver Metro Disrupted by Egregor Ransomware

The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week. The threat actors behind the Egregor ransomware are showing a prolificacy in their early months of activity. On the heels of targeting struggling U.S.

Royal Dutch Cycling Union Disclosed Ransomware Attack

Joining the list of latest cyberattack victims, now comes a Dutch national governing body. Reportedly, the Royal Dutch Cycling Union has suffered a ransomware attack. The attackers have demanded ransom for the entity to regain data access, but the victims have refused to pay.

Russian hacking group uses Dropbox to store malware-stolen data

Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country. The previously unknown malware framework, named Crutch by its authors, was used in campaigns spanning from 2015 to at least early 2020.

Ransomware Attack Closes Baltimore County Public Schools

The attack, first discovered late Tuesday, disrupted the district’s websites and remote learning programs, as well as its grading and email systems, officials said. The public schools in Baltimore County, Md., will remain closed Monday and Tuesday as officials respond to a cyberattack that forced the district to cancel remote classes for its 115,000 students just before the Thanksgiving holiday, officials said.

Hacker-for-hire group develops new stealthy Windows backdoor

Kaspersky researchers discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper and developed by the hacker-for-hire group DeathStalker. DeathStalker (previously known as Deceptikons) is a threat actor whose activity goes back to at least 2012 [1, 2] known for using a wide range of malware strains and complex delivery chains, as well as regularly using tactics that help them evade detection.

When the robot vacuum cleaner turns into a spy

Security researchers have developed an attack that exploits the lidar sensor of connected devices to suck up conversations. A connected device needs neither a microphone nor a camera to turn into a spy. That is the reminder from a study, the result of a collaboration between security researchers from the University of Singapore and others from the University of Maryland, in the United States.

Flaws / vulnerabilities

FBI warns of email forwarding rules being abused in recent hacks | ZDNet

The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules in order to disguise their presence inside hacked email accounts. In a PIN (Private Industry Notification) alert sent last week and made public today, the FBI says the technique has been seen and abused in recent BEC (Business Email Compromise) attacks reported over the summer.

Android apps with 200 million installs vulnerable to security bug

Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. In August, mobile app security company Oversecured discovered a vulnerability in the Google Play Core Library that allowed malicious applications to execute code in legitimate apps.

Manipulating Systems Using Remote Lasers

Many systems are vulnerable: Researchers at the time said that they were able to launch inaudible commands by shining lasers – from as far as 360 feet – at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]

Regulatory / legal

Italian Police Arrest Criminals Accused of Robbing ATMs with…

Italian Police identified 12 people allegedly responsible for numerous ATM jackpotting attacks in multiple provinces, putting an end to a criminal operation that lasted seven months. Jackpotting usually requires several attackers. It’s one of the more complex… #DieboldNixdorf #Italy #jackpotting

The “most secure in the world” email service forced to integrate a backdoor for the police

This story is a reminder that only end-to-end encrypted messages can truly be safe from surveillance.

Hacker Gets 8 Years in Prison for Threats to Schools, Airlines | SecurityWeek.Com

A North Carolina man was sentenced to 95 months in federal prison for his involvement in multiple cyber and swatting attacks. The man, Timothy Dalton Vaughn, 22, known online under monikers such as “WantedbyFeds” and “Hacker_R_US,” was indicted in early 2019 and pleaded guilty in November 2019.

Miscellaneous

Swiss app Threema, an alternative to WhatsApp, judged very secure

Perhaps you are one of the more than 6 million Threema users, about 5% of whom are in Switzerland. This application, which promises total confidentiality, underwent a battery of tests during October 2020 to assess its level of security, Watson reports.
