Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et Merci pour le café !
Vol / perte de données
Electronic Arts est victime d’une fuite de données, le code source de FIFA 21 dérobé
A quelques jours de l'ouverture de l'E3 2021, Electronic Arts a confirmé avoir été victime d'une fuite de 780 Go de données. Les hackers…-Cybersécurité
June 9: No, there’s no evidence a hack called RockYou2021 exposed 8.4 billion passwords
This week the world saw the return of a depressing routine: new breathless headlines about another data breach… Also depressingly unsurprising? The claim of “8.4 billion leaked passwords” spread like…
McDonald’s discloses data breach after theft of customer, employee info
McDonald’s, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan.
NSW Health confirms data breached due to Accellion vulnerability
NSW Health is the latest Australian government entity to confirm being impacted by a vulnerability in the Accellion file transfer system.
Cyberattaques / fraudes
Avaddon ransomware group closes shop, sends all 2,934 decryption keys to BleepingComputer
Bleeping Computer worked with Emisoft to create a free decryptor that any Avaddon victim can use.
JBS Meat pays $11 million ransom to recover from ransomware attack quickly – Cybersecurity Insiders
To recover from the ransomware attack in less than a day, JBS USA has reportedly paid $11 million to hackers says a statement released by the company’s
Ce nouveau groupe de pirates a une mauvaise surprise pour les diplomates
Ce nouveau groupe d’attaquants ne fait pas dans la dentelle quand il s’agit de cyberespionnage.
Failles / vulnérabilités
Linux system service bug lets you get root on most modern distros
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions.
Les testeurs du certificat Covid fédéral décèlent des failles
Lancé aujourd’hui 7 juin en phase pilote, le certificat Covid fédéral fait l’objet d’un test de sécurité public. Treize failles ont été signalées.
Lax security around URL shortener exposed PII of US retailer Carter’s customer base
Hundreds of thousands of customers may have been impacted.
TousAntiCovid Verif, le panier percé du pass sanitaire
Contrairement à ce que l’on peut penser, cette application de vérification envoie toutes les données médicales contenues dans les 2D-DOC à un serveur central. Ces données transitent par ailleurs en clair par une société américaine. L’éditeur nous explique pourquoi.
Justice / police / réglementation
FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld
From hidden master keys to pineapples stuffed with Bolivian marching powder – this story has it all
FBI uses ANOM App to capture more than 800 criminals worldwide – Cybersecurity Insiders
In what is supposed to be a mobile-based sting operation conducted by the United States Federal Bureau of Investigation (FBI) in association with
US DOJ recovers more than half of ransomware payment of Colonial Pipeline hack – Cybersecurity Insiders
In May this year, the United States fuel supplier Colonial Pipeline made a payment of $4.4 million in Bitcoins to DarkSide hacking group for freeing up
La justice condamne cette grand-mère pour avoir posté des photos de ses petits-enfants sur Facebook
Une mamie qui n’est pas près de republier des photos de ses petits-enfants.
Network security firm COO charged with medical center cyberattack
The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC).
Divers / Suisse
CISA Partners with Bugcrowd to Launch First Federal Civilian Crowdsourced VDP Platform
The crowdsourced VDP platform will allow FCEB agencies to receive security feedback from Bugcrowd’s community of ethical hackers
1 commentaire
Commentaires désactivés.