The cyber-threat weekly (14 March 2021)


Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed in upcoming articles. Enjoy reading, and thanks for the coffee!

Data theft / loss

Hackers access surveillance cameras at Tesla, Cloudflare, banks, more

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Tesla HQ.

Molson Coors discloses cyberattack disrupting its brewery operations | ZDNet

Brewing giant Molson Coors disclosed Thursday that it has experienced a “cybersecurity incident” that has disrupted operations and beer production. In a Form 8-K filed with the SEC today, Miller Coors said it’s bringing in an outside forensic IT firm to investigate the breach, but that delays in shipments were likely as it works to bring its systems back online.

COVID-19 testing service in US exposes patients’ photos, passports

A COVID-19 testing service in Utah run by Premier Diagnostics exposed sensitive information of more than 50,000 people by storing data on two unsecured Amazon S3 buckets. According to the Comparitech researchers, the information included driver’s licenses, medical insurance cards, passports, and other IDs, all of which were accessible on the web without any authentication.

Cyberattacks / fraud

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits

Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.

The European Medicines Agency, hacked by the Russians and the Chinese

Putin’s hackers got their hands on data about the Pfizer/BioNTech vaccine. The vaccine was subsequently the target of a disinformation campaign organised by the Russian secret services.

Exchange servers under siege by at least 10 APT groups | WeLiveSecurity

ESET’s research team has discovered that APT groups including LuckyMouse, Tick, Winnti Group and Calypso are likely using the recent Microsoft Exchange vulnerabilities to compromise mail servers around the world. On 2021-03-02, Microsoft released out-of-band patches for Microsoft Exchange Server 2013, 2016 and 2019.

FBI alert warns of Russian, Chinese use of deepfake content – CyberScoop

(Shannon Vavra, CyberScoop, Mar 10, 2021) The FBI warned in an alert Wednesday that malicious actors “almost certainly” will be using deepfakes to advance their influence or cyber-operations in the coming weeks. The alert notes that foreign actors are already using deepfakes or synthetic media – manipulated digital content like video, audio, images and text – in their influence campaigns.

Flaws / vulnerabilities

Microsoft Exchange Server hacks ‘doubling’ every two hours | ZDNet

Cyberattackers are taking full advantage of slow patch or mitigation processes on Microsoft Exchange Server with attack rates doubling every few hours. According to Check Point Research (CPR), threat actors are actively exploiting four zero-day vulnerabilities tackled with emergency fixes issued by Microsoft on March 2 — and attack attempts continue to rise.

https://www.theregister.com/2021/03/12/github_disappears_exploit/

Microsoft Exchange Server Attack Escalation Prompts Patching Panic

US government officials weigh in on the attacks and malicious activity, which researchers believe may be the work of multiple groups. The critical Exchange Server vulnerabilities patched last week by Microsoft are being weaponized in widespread attacks against organizations worldwide. Attacks have escalated over the past two weeks, prompting responses from US government and the security community.

The Swiss army had known about the flaws in its e-learning system for weeks (update)

Update of 10.03.2012: Recruits have indicated that the Swiss army may have been aware of the data leak affecting its online learning platform since the end of January, reports the German-language outlet 20 Minuten.

https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/

Justice / police / regulation

https://www.europol.europa.eu/newsroom/news/illegal-mobile-application-more-100-million-users-taken-down-in-spain

Police raid apartment of alleged Verkada hacker, as questions asked about employees’ access to customer video feeds

On Friday, software engineer Tillie Kottmann’s apartment in Lucerne, Switzerland, was raided by police who seized electronic devices, according to a post from their Mastodon account: “my apartment was raided by local police this morning 7am my time and all my electronic devices have been confiscated on request of the US department of justice.”

Spanish cops arrest four in ‘FluBot’ text hacking scheme – CyberScoop

(Shannon Vavra, CyberScoop, Mar 8, 2021) Police in Barcelona have arrested four hackers suspected to be behind a massive criminal scheme which has targeted tens of thousands of victims with malicious links impersonating banks in order to steal victims’ credentials and money.

Miscellaneous

The fire at an OVH data center leaves a catastrophic toll

Hard drives are not the only things that can fail. The fire at an OVHcloud data center in Strasbourg, on the night of 9 to 10 March, served as a reminder of the risk to stored data, even in the cloud. In the last few hours, the specialist site Netcraft has published an overview of the current damage toll.