The Cyber-Threat Weekly (14 March 2021)

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thank you for the coffee!


Data theft / loss

Hackers access surveillance cameras at Tesla, Cloudflare, banks, more

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Tesla HQ.

Molson Coors discloses cyberattack disrupting its brewery operations | ZDNet

Brewing giant Molson Coors disclosed Thursday that it has experienced a "cybersecurity incident" that has disrupted operations and beer production. In a Form 8-K filed with the SEC today, Molson Coors said it's bringing in an outside forensic IT firm to investigate the breach, but that delays in shipments were likely as it works to bring its systems back online.

COVID-19 testing service in US exposes patients’ photos, passports

A COVID-19 testing service in Utah run by Premier Diagnostics exposed sensitive information of more than 50,000 people by storing data on two unsecured Amazon S3 buckets. The information included driver's licenses, medical insurance cards, passports, and other IDs, which were accessible on the web without any authentication, according to the Comparitech researchers.

Cyberattacks / fraud

DearCry ransomware attacks Microsoft Exchange with ProxyLogon exploits

Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.

The European Medicines Agency hacked by the Russians and the Chinese

Putin's hackers got their hands on data about the Pfizer/BioNTech vaccine. That vaccine was subsequently the target of a disinformation campaign organized by the Russian secret services.

Exchange servers under siege by at least 10 APT groups | WeLiveSecurity

ESET's research team found that APT groups including LuckyMouse, Tick, Winnti Group and Calypso are likely using the recent Microsoft Exchange vulnerabilities to compromise mail servers around the world. On 2021-03-02, Microsoft released out-of-band patches for Microsoft Exchange Server 2013, 2016 and 2019.

FBI alert warns of Russian, Chinese use of deepfake content – CyberScoop

Written by Shannon Vavra, Mar 10, 2021 | CyberScoop. The FBI warned in an alert Wednesday that malicious actors "almost certainly" will be using deepfakes to advance their influence or cyber-operations in the coming weeks. The alert notes that foreign actors are already using deepfakes or synthetic media (manipulated digital content like video, audio, images and text) in their influence campaigns.

Flaws / vulnerabilities

Microsoft Exchange Server hacks ‘doubling’ every two hours | ZDNet

Cyberattackers are taking full advantage of slow patch or mitigation processes on Microsoft Exchange Server with attack rates doubling every few hours. According to Check Point Research (CPR), threat actors are actively exploiting four zero-day vulnerabilities tackled with emergency fixes issued by Microsoft on March 2 — and attack attempts continue to rise.

Microsoft’s GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln

On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed the code, to the alarm of security researchers. The PoC code, something short of an actual functioning exploit, consisted of a 169-line Python file.

Microsoft Exchange Server Attack Escalation Prompts Patching Panic

The critical Exchange Server vulnerabilities patched last week by Microsoft are being weaponized in widespread attacks against organizations worldwide. Attacks have escalated over the past two weeks, prompting responses from US government and the security community. News of the four vulnerabilities emerged on March 2, when Microsoft issued patches for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds

Threat intelligence experts are warning of a new version of the Darkside ransomware variant which its creators claim will feature faster encryption speeds, VoIP calling and virtual machine targeting. Israeli outfit Kela shared with Infosecurity information posted by the Russian-speaking group to dark web forums XSS and Exploit.

Justice / police / regulation

Illegal mobile application with more than 100 million users taken down in Spain

Europol supported the Spanish National Police (Policía Nacional) to dismantle a criminal group distributing illegal video streams. The investigation also involved law enforcement authorities from Andorra and Portugal.

Police raid apartment of alleged Verkada hacker, as questions asked about employees’ access to customer video feeds

On Friday, software engineer Tillie Kottmann’s apartment in Lucerne, Switzerland, was raided by police who seized electronic devices, according to a post from their Mastodon account: my apartment was raided by local police this morning 7am my time and all my electronic devices have been confiscated on request of the US department of justice.

Spanish cops arrest four in ‘FluBot’ text hacking scheme – CyberScoop

Written by Shannon Vavra, Mar 8, 2021 | CyberScoop. Police in Barcelona have arrested four hackers suspected to be behind a massive criminal scheme which has targeted tens of thousands of victims with malicious links impersonating banks in order to steal victims' credentials and money.

The fire at an OVH data center leaves a catastrophic toll

Hard drives are not the only things that can fail. The fire at an OVHcloud data center in Strasbourg, on the night of 9 to 10 March, was a reminder that stored data is at risk even in the cloud. In the last few hours, the specialist site Netcraft has published an overview of the current damage assessment.

Threat-intelligence watcher and cybersecurity specialist