The cyber-threat weekly (30 May 2021)

Here is this week's watch report, rounding up the most interesting news. Some of these items will be developed in upcoming articles. Happy reading, and thank you for the coffee!

Data theft / loss

Hack of IT provider exposes data on 4.5 million Air India passengers – CyberScoop

Data on 4.5 million Air India passengers was compromised in a hack of a major IT provider to the airline industry, Air India announced last week. The initial breach of the IT provider, SITA – disclosed in March – affected numerous airlines from Lufthansa to Cathay Pacific, but the investigation has now revealed one of its biggest victims yet in India’s flagship air carrier.

Audio equipment giant Bose hit by ransomware attack, data breach

Ransomware attacks are the new normal. From laptop manufacturer Acer to Colonial, the largest fuel pipeline in the United States, no one is protected from this ever-growing threat. Its latest victim is the audio equipment manufacturer giant Bose.

Canada Post hit by data breach after supplier ransomware attack

Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed shipping information for their customers. Canada Post is the primary postal operator in Canada, serving 16.5 million Canadian residential and business addresses.

Cyberattacks / fraud

Ransomware: a US insurance giant pays a record ransom

Security: US insurance giant CNA Financial gave in to cybercriminals' blackmail, paying a record $40 million ransom to rid itself of ransomware. One of the largest insurance companies in the United States, CNA Financial, reportedly agreed to pay a $40 million ransom to restore access to its systems after a ransomware attack.

Japan government servers hacked and data stolen – Cybersecurity Insiders

Fujitsu, an IT services firm from Japan, was recently targeted by cybercriminals who stole sensitive data belonging to government offices, says a report released by NHK, a Japan-based media resource. Sources reporting to Cybersecurity Insiders say that the data belonging to the Ministry of Land, Infrastructure, Transport, Cabinet secretariat, and Tourism were accessed & siphoned […]

FBI to share compromised passwords with Have I Been Pwned

The FBI will soon begin to share compromised passwords with Have I Been Pwned’s ‘Password Pwned’ service that were discovered during law enforcement investigations. The Have I Been Pwned data breach notification site includes a service called Pwned Passwords that allows users to search for known compromised passwords.

FBI Issues Flash Advisory on Conti Ransomware Attacks Impacting…

The Federal Bureau of Investigation has said in a flash announcement that the Conti ransomware group is responsible for at least 16 attacks targeting US healthcare and first responder networks within the last year. The victim organizations include law…

Flaws / vulnerabilities

CAPTCHAs are no longer reliable

During a panel at RSA Conference 2021 on cyberattacks and online scams, researchers discussed the lessons learned from studying cybercriminals' techniques and the attacks carried out against large organizations. One of them, Dan Woods, a former law-enforcement officer, shared his experience working for CAPTCHA farms.

An expired SSL certificate blocks the Microsoft Exchange admin portal – Le Monde Informatique

For a few hours, the Exchange administration portal was blocked. Microsoft had forgotten to renew an SSL certificate. IT managers broke into a cold sweat this weekend when they were unable to access the Exchange administration portal. When connecting to the admin.exchange.com site, browsers displayed warnings that the connection was not secure because of an expired SSL certificate.

US announces new security directive after critical pipeline hack

The US Department of Homeland Security (DHS) has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. The new security directive requires critical pipeline owners and operators to report any confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA).

Bizarro banking malware targets 70 banks in Europe and South America

A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. Once landed on a Windows system, the malware can force users into entering banking credentials and uses social engineering to steal two-factor authentication codes.

Justice / police / regulation

British Police Arrest Eight People in Smishing Fraud Case

City of London and Metropolitan Police arrested eight men for allegedly sending fake messages and trying to trick people into paying a fee to retrieve a parcel, stealing their login credentials in the process. If you’ve ever wondered about the mechanism behind…

Boss of ATM Skimming Syndicate Arrested in Mexico

Florian “The Shark” Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court.

Clearview AI hit with massive legal complaint by privacy watchdogs | CyberNews

The data harvesting practices of American facial recognition company Clearview AI are subject to a massive legal complaint launched by four large privacy and digital rights organisations today. Privacy International, alongside the Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb – the European Center for Digital Rights, has launched legal complaints with regulators across Europe about Clearview’s data collection practices.

Miscellaneous / Switzerland

Hackers Exploit Post-COVID Return to Offices

Spoofed CIO ‘pandemic guideline’ emails being used to steal credentials. With COVID-19 restrictions lifting and workers trickling back to offices, threat actors are sharpening their spear phishing ploys. The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices.
