The cyber-threat weekly (7 Feb 2021)

Here is this week's watch report, rounding up the most interesting news. Some of these items will be covered in more depth in upcoming articles. Enjoy the read, and thanks for the coffee!

Data theft / loss

Hackers steal StormShield firewall source code in data breach

Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company’s support ticket system and steal source code for Stormshield Network Security firewall software. StormShield is a French cybersecurity firm that develops UTM (Unified Threat Management) firewall devices, endpoint protection solutions, and secure file management solutions.

China Steals Personal Data of 80% of US Adults

The Chinese government may have stolen personal data from 80% of adults in the United States, according to a 60 Minutes report that aired yesterday on American television and radio network CBS. In the report, former director of the US National Counterintelligence and Security Center, Bill Evanina, warned that the PRC is actively working to gather and exploit Americans’ DNA and other health information.

1.6 million Washington unemployment claims exposed in data breach

The Office of the Washington State Auditor (SAO) has experienced a data breach which has resulted in the exposure of 1.6 million employment claims, and the sensitive personal information that they contain. The Washington SAO revealed that a threat actor had exploited a vulnerability in Accellion, a secure file transfer service that helps organisations share sensitive documents with outside users in a secure way.

Cyberattacks / fraud

Europol warning on the illicit sale of false negative COVID-19 test certificates

As long as travel restrictions remain in place due to the pandemic, it is very likely that criminals will seize the opportunity of producing and selling fake COVID-19 test certificates, warns a Europol Early Warning Notification published today.

TrickBot botnet reactivates, targeting lawyers and insurers – Le Monde Informatique

The Trickbot botnet, which had been used in Ryuk and other ransomware attacks, is back in service. For this comeback, the attackers have replaced malicious email attachments with malicious links. It particularly targets law firms and insurance companies.

Flaws / vulnerabilities

Google fixes Chrome zero-day actively exploited in the wild

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the Google Chrome 88.0.4324.150 announcement reads.

A cybersecurity company has identified three new flaws in SolarWinds products

For several months, the United States has been facing a cyberattack of unprecedented scale, caused in large part by a security flaw in SolarWinds' Orion software. A few days ago, Trustwave said it had discovered three more "critical" security flaws in SolarWinds software, which have apparently not been exploited but which show the company's vulnerability.

Justice / police / regulation

Hacked road sign talks back after driver complains to council. “Do you want to speak to a manager Karen?”

“Do you want to speak to a manager Karen?” Karen Banks from Swadlincote in South Derbyshire, England, isn’t very happy with whoever managed to post this message on an electronic traffic information sign in the neighbouring town of Burton. GO BACK TO SWAD YOU IDIOTS. WE ARE SUPPOSED TO BE IN LOCKDOWN!

Miscellaneous

Interview With a Russian Cybercriminal

A LockBit ransomware operator shared with researchers why he became involved in cybercrime, how he chooses victims, and what’s in his toolbox. IT security practitioners spend a lot of time strategizing ransomware defense, but many know little about the criminals plotting attacks. Who is the person behind a devastating ransomware campaign?

“I do not like to work in the US because getting paid is harder there, the EU pays better and more,” Aleks reportedly told researchers.