The cyber-threat weekly (14 Feb 2021)

Here is this week's watch report, rounding up the most interesting news. Some of these items will be developed in upcoming articles. Enjoy the read, and thanks for the coffee!

Data theft / loss

A Cdiscount executive stole the personal data of millions of customers

A senior Cdiscount manager based at the Cestas (Gironde) site was placed under formal investigation on Monday 1 February in Bordeaux. He is accused of having stolen the personal data of millions of customers and of having offered it for download on the dark web.

Gmail, LinkedIn, Netflix… 3 billion leaked passwords, are you affected?

Its name is COMB, for Compilation of Many Breaches. Discovered by our colleagues at CyberNews, this massive leak of personal data is one of the largest of recent years. COMB brings together the personal data of 3.2 billion users of the world's most popular services.

Hundred thousand Spotify accounts leaked in credential stuffing attack

It was recently revealed that Spotify has suffered its second credential stuffing attack in three months. It is estimated that almost a hundred thousand accounts could face a takeover. Cybercriminals write a script that is capable of checking stolen IDs and passwords one by one.

Billions of Passwords Offered for $2 in Cyber-Underground

About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection. A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords.

Tens of Thousands of Patient Files Leaked in US Hospital Attacks

Patients and employees from 11 hospitals in the US have had their personal information exposed after hackers reportedly published tens of thousands of records online. The files come from Leon Medical Centers, which runs eight facilities in Florida, and Nocona General Hospital, which has three in Texas.

Private messages between Mensa forum members are leaked onto the internet

There’s still some confusion about precisely what has been going on at the British branch of Mensa, the club for people who have scored highly in an IQ test but who feel their social lives would be improved by hanging out with other people who chose to join a club after scoring highly in an IQ test.

A Yandex employee caught with a hand in the cookie jar… of data

Technology: A high-level employee of the Russian search engine Yandex was caught stealing user data to resell it to third parties. 4,887 email accounts were compromised.

Cyberattacks / fraud

6,500 locations, 1 million vaccines, how many bots? – CyberTalk.org

This week and into next week, chain pharmacies around the United States widely anticipate starting to offer coronavirus vaccinations. The initial rollout will begin with 6,500 pharmacies and other retail sites. They will collectively release 1 million doses. As the vaccine supply increases, the program will eventually expand to 40,000 pharmacies and they will distribute many more million doses of the vaccine.

Some experts worry about cyber criminal plans to leverage bots in mass-reserving vaccine appointment slots, then reselling them to the public. These types of bots, known as “scalper bots”, are able to sweep up limited supplies of high-demand goods, from theater tickets to electronics, within milliseconds of their release.

Hacker Tried to Poison Florida City’s Water Supply, Police Say

Phishing camouflaged in Morse code to fool web filtering – Le Monde Informatique

Examples of phishing attacks using Morse code to hide JavaScript tags, injectable into HTML code, have been discovered. The goal: to seize the Office 365 credentials of the targeted users. Concealing malicious code and links has become the favourite game, and increasingly the livelihood, of cybercriminals worldwide.

French MNH health insurance company hit by RansomExx ransomware

French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company’s operations, BleepingComputer has learned. MNH is the first mutual insurance company in France to provide health insurance services, and plans focused on the health sector.

Ransomware Demands Spike 320%, Payments Rise

When it comes to paying the ransom in a ransomware attack, demands are on the rise. Yet many companies that paid the ransom failed to receive a decryption key, according to a survey issued Monday.

Hacked Finnish psychotherapy clinic files for bankruptcy

Finnish-based psychotherapy practice Vastaamo came to the world’s attention back in October 2020 after it was hacked by someone who threatened to leak the patients’ data unless they agreed to pay a bitcoin ransom of €200.

Flaws / vulnerabilities

12-year-old Windows Defender bug gives hackers admin rights

Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. Microsoft Defender Antivirus is the default anti-malware solution on over 1 billion systems running Windows 10 according to Microsoft’s stats.

Justice / police / regulation

SIM hijackers arrested after stealing millions from US celebrities

Ten men who were part of a criminal gang involved in a series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. SIM swap fraud (also known as SIM hijacking) allows scammers to take control of a target’s phone number either via social engineering or by bribing mobile operator employees to port it to a SIM controlled by the fraudster.

FBI could use a tool to access private Signal messages on iPhones

Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from iPhone devices when they are in “partial AFU (after first unlock)” mode.

Romance scam victims reported $304 million in fraud in 2020, a new high – CyberScoop

Deceptive online behavior prompted plenty of emotions last year. Anger, fear, anxiety, frustration – take your pick. Just don’t forget heartbreak. Exactly how much heartbreak? The Federal Trade Commission’s scam-tracking team doesn’t monitor emotions, but it does collect complaints from people who say they were victims of romance scams. In 2020, they were worth a record $304 million – an increase of about 50% over the previous year.

Miscellaneous

High Demand for Hacker Services on Dark Web Forums

Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases.

Cybersecurity solutions from Switzerland on high demand – Startupticker.ch

Whether it’s an organisation, government or private individuals, users of information technologies are increasingly exposed to the risk of online attacks, which may have a deleterious impact. However, to achieve a securer environment, there is a need for more alliances between and among businesses, society, and government to delay new solutions that will facilitate safer execution of digital processes.
