L’hebdo des cyber-menaces (27 juin 2021)

In Carnet de veille

Photo by Karolina Grabowska on Pexels.com

Déroulez ici

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et Merci pour le café !

Vol / perte de données

Georgia fertility clinic discloses breach of patient SSNs and medical info after ransomware attack | ZDNet

A fertility clinic in Georgia has notified about 38,000 patients that their medical information and other data like social security numbers had been accessed by cybercriminals during a ransomware attack in April.

Cyber-attack Exposes Eye Clinic Patient Data

A cyber-attack on an eye clinic with locations across Iowa may have exposed the records of hundreds of thousands of patients. On Tuesday, Wolfe Eye Clinic announced that it had suffered a digital assault in February of this year. During the attack, an unauthorized third party gained access to the clinic’s computer network.

Swedish COVID-19 lab with millions of test results breached | CyberNews

IT solutions provider from Sweden reported it had detected hackers peaking inside a database with over 3 million COVID-19 test results.

Mercedes-Benz data breach exposes SSNs, credit card numbers

Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.

Cloud Database Exposes 800M+ WordPress Users’ Records

A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet. Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost.

Tulsa warns of data breach after Conti ransomware leaks police citations

The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online. In early May, Tulsa suffered a ransomware attack that led to the City shutting down its network to prevent the spread of the malware.

Cyberattaques / fraudes

Les conteneurs, nouvelles proies des cybercriminels – Le Monde Informatique

Depuis plusieurs mois le cyberattaques montent en puissance en causant toujours plus de dégâts. La dernière tendance mise en avant dans l’étude d’Aqua Security montre que les pirates s’en prennent aussi avec succès aux environnements conteneurisés et nativement cloud.

Failles / vulnérabilités

Plus de 30 millions d’ordinateurs Dell peuvent être piratés à distance

Un ensemble de failles permet d’usurper l’identité des serveurs de mise à jour UEFI et, par conséquent, de prendre le contrôle des terminaux. Des correctifs sont disponibles.

Doctolib a transféré des données sensibles à Facebook et Outbrain

Selon le média allemand Mobilsicher , Doctolib aurait envoyé les mots-clés tapés par les utilisateurs dans le moteur de recherche de la plateforme à Facebook et Outbrain, pendant plusieurs mois. Pour quelles raisons ? Nous ne le savons pas clairement pour le moment.

Justice / police / réglementation

La police britannique réalise la “plus grosse saisie de cryptomonnaie au monde”

C’est en effectuant une série de descentes dans des planques utilisées par le “gang des blanchisseurs” que les policiers de la brigade spécialisée dans la lutte contre la fraude économique sont tombés sur un magot d’argent sale en monnaies virtuelles.

Six arrested for siphoning €12 million in fraudulent COVID-19 unemployment payments from France

On 16 June, officers from the French National Gendarmerie (Gendarmerie Nationale) and the Israeli Police (משטרת ישראל‎) closed in on the members of an organised crime group running a sophisticated benefit fraud scheme on either side the Mediterranean Sea. A total of six individuals were arrested in various locations across France.

Divers / Suisse

EU Boost against cyberattacks: EU Agency for Cybersecurity welcomes proposal for the Joint Cyber Unit

Press Release The European Union Agency for Cybersecurity welcomes the European Commission proposal to launch the new Joint Cyber Unit which will act as a platform to ensure an EU coordinated response to large-scale cyber incidents and crises.

John McAfee found dead after Spanish court approved extradition to US – CyberScoop

John McAfee, a cybersecurity industry pioneer who would go on to promote various cryptocurrencies and flee international law enforcement, has died in Spain, according to multiple news reports. McAfee, 75, died in a jail cell in Barcelona while awaiting extradition to the U.S. on charges of tax evasion, the Spanish newspaper El Pais reported Wednesday.

Google repousse son projet de bloquer les cookies tiers

Aujourd’hui, les cookies tiers sont considérés comme l’un des problèmes du web. Ceux-ci permettent en effet aux réseaux d’annonceurs de pister les internautes entre plusieurs sites, à des fins publicitaires. Et actuellement, ce type de cookie est déjà bloqué par un bon nombre de navigateurs.

La newsletter