The cyber-threat weekly (20 June 2021)

Here is this week's watch report, rounding up the most interesting news. Some of these items will be developed in upcoming articles. Happy reading, and thanks for the coffee!

Data theft / loss

Over a billion records belonging to CVS Health exposed online | ZDNet

In another example of misconfigured cloud services impacting security, over a billion records belonging to CVS Health have been exposed online. On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry.

Carnival Confirms Another Security Breach Impacting Staff and Passengers

One of the world’s largest cruise ship operators has disclosed a data breach from mid-March, impacting an unspecified number of customers, employees, and crew. Carnival Corporation runs many of the globe’s leading cruise lines, including P&O, Cunard and Carnival Cruise Line.

Alibaba suffers billion-item data leak of usernames and mobile numbers

Alibaba’s Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers. The info was lifted from the site by a crawler developed by an affiliate marketer. Chinese outlet 163.com reported the case last week and today it was picked up by the Wall Street Journal.

Poland blames Russia for breach, theft of Polish officials’ emails

Poland’s deputy prime minister Jarosław Kaczyński says last week’s breach of multiple Polish officials’ private email accounts was carried out from servers within the Russian Federation. “After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers, and deputies of various political options were subject to a cyber attack,” Kaczyński said in a statement published today.

Audi, Volkswagen customer data being sold on a hacking forum

Audi and Volkswagen customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container. Last week, the Volkswagen Group of America, Inc. (VWGoA) disclosed a data breach after a vendor left customer data unsecured on the Internet between August 2019 and May 2021.

Nintendo Says Another 140,000 Accounts May Have Been Exposed

Back in April, Nintendo confirmed that approximately 160,000 users had their accounts hacked. At the time, the company encouraged people to enable two-factor authentication and emailed individual customers who had been affected that it was resetting their Nintendo Network IDs (NNID). Now, after further investigation,…

Cyberattacks / fraud

Biden says he gave Putin list of 16 sectors that should be off-limits to hacking – CyberScoop

President Joe Biden said he gave Russian President Vladimir Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be the subject of malicious cyber activity during a meeting between the two men in Geneva on Wednesday.

In Geneva, Biden and Putin opened a dialogue on state-sponsored cyberattacks

Geneva was the centre of international attention this Wednesday 16 June, on the occasion of the Biden-Putin meeting. The two presidents notably discussed cybersecurity from a geopolitical standpoint. As a reminder, the United States has attributed the massive SolarWinds cyber-espionage operation to hackers affiliated with Russia.

Russian actors had access to Dutch police computer network during MH17 probe

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014.

Criminals are mailing altered Ledger devices to steal cryptocurrency

Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets. Ledger has been a popular target by scammers lately with rising cryptocurrency prices and the popularity of hardware wallets to secure cryptofunds.

Flaws / vulnerabilities

N Korean hackers used VPN flaws to breach S Korean atomic agency

Korea Atomic Energy Research Institute (KAERI), which is a government-owned organization in South Korea, has disclosed that its internal network was targeted by cybercriminals possibly operating from North Korea. The KAERI is a Seoul-funded research institute established in 1959.

Early mobile phone communications were deliberately exposed

A recently published scientific paper, later spotted by Motherboard, has hit the encryption community like a bombshell. Researchers believe that the technology used by mobile phones in the 1990s and 2000s was not only exposed to hackers, but that this was probably intentional.

Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents – CyberScoop

For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday. Researchers from Kaspersky and other firms only recently pieced together the activity, showing the limits of the cyber industry’s knowledge of Tehran-linked hacking against those who often bear the brunt of it: Iranian citizens.

Peloton Bike+ vulnerability allowed complete takeover of devices

A vulnerability in the Peloton Bike+ fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone. Peloton is the manufacturer of immensely popular fitness machines, including the Peloton Bike, Peloton Bike+, and the Peloton Tread.

Three UK telco bug has customers receiving and making random calls

Customers of the Three UK telco company are panicking as they receive a series of random phone calls due to an ongoing issue. Likewise, outbound calls from customers are being routed to random strangers. Three is the fourth-largest British telecom giant and Internet Service Provider (ISP) with 13.3 million subscribers as of 2020.

Justice / police / regulation

Police Bust Major Ransomware Gang Cl0p

Police in Ukraine announced it arrested members of the ransomware gang that called itself Cl0p, seizing computers and cash in a major international operation.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and University of Maryland.

Repairmen suspected of installing ransomware on customers’ PCs…

According to a report by Catalin Cimpanu at The Record, authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers…

DOJ to Treat Ransomware Hacks Like Terrorism Now: Here’s the Full Memo

The U.S. Department of Justice plans to take a much harsher approach when pursuing cybercriminals involved in ransomware attacks and will investigate them using strategies similar to those currently employed against foreign and domestic terrorists. The new internal guidelines, previously reported by , were passed down to U.S.

SEC settles with First American over massive leak of mortgage data, disclosure | ZDNet

The Securities and Exchange Commission (SEC) has agreed to a settlement with First American over the leak of millions of financial records and subsequent disclosure. Announced on Tuesday, the settlement will see the case closed in return for a $487,616 penalty and adherence to a cease-and-desist order.

Miscellaneous / Switzerland

As vaccine passports morph into digital IDs, privacy advocates want to know that user data is protected – CyberScoop

Tech companies and global organizations have championed health passes, sometimes known as vaccine passports, as a means to securely reopen businesses and borders as COVID-19 cases drop and vaccination rates rise. The technology is meant to serve as a secure way to prove vaccination without someone needing to present a physical vaccine card or other documentation.

Google force installs Massachusetts MassNotify Android COVID app

Google is force-installing a Massachusetts COVID-19 tracking app on residents’ Android devices without an easy way to uninstall it. For the past few days, users have reported that Google silently installed the Massachusetts ‘MassNotify’ app on their devices without the ability to open it or find it in the Google Play Store.

Visa and Mastercard sign new agreements to deploy biometrics

Mastercard and Visa have announced new partnerships to deploy biometric authentication more widely. These new agreements could allow them to capitalise on this emerging trend. Both companies are opening up further to biometrics. On one side, Mastercard is partnering with FinGo, the world's first biometric identity authentication and payment platform.

An Akamai outage blocks access to banking and airline websites – Le Monde Informatique

About ten days after CDN provider Fastly, it is Akamai's turn to face an outage. Many sites, including American Airlines, United Airlines and Delta Airlines as well as Virgin Australia, Commonwealth Bank and the Reserve Bank of Australia, were affected.
