The cyber-threat weekly (11 Jul 2021)

Here is this week's monitoring report, covering the most interesting news. Some of these items will be developed in upcoming articles. Happy reading, and thanks for the coffee!

Data theft / loss

Morgan Stanley Suffers Data Breach Following Accellion FTA’s Attack

Cybercriminals exploited a series of vulnerabilities in Accellion FTA, a third-party file transfer service widely used in enterprises as an alternative to email attachments. The massive cyberattack led to a data breach at Morgan Stanley, exposing sensitive personal information, according to Ars Technica. Morgan Stanley is one of the collateral victims of the Accellion FTA cyberattack.

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States. BleepingComputer reported that Mint Mobile has disclosed a data breach that exposed subscribers’ account information and ported phone numbers to another carrier.

Cyberattacks / fraud

Dark Reading | Security | Protect The Business

A massive supply-chain ransomware attack targeting managed service providers (MSPs) who use the Kaseya Virtual System Administrator (VSA) has left data at more than 1,000 companies encrypted and the attackers demanding $70 million in ransom.

Criminals In Historically Large, Global Cyberattack Demand $70 Million Ransom

The criminal group REvil, which has claimed responsibility for a global cyberattack security officials are calling one of the largest in history, has demanded $70 million in return for a tool it says will unlock all of the devices that have been hacked.

Kaseya: the ransomware behind the attack was programmed to avoid Russian-speaking systems

According to a report by the cybersecurity firm Trustwave SpiderLabs relayed by the , the ransomware that hit the IT company Kaseya on 2 July 2021 contains code to avoid any system using Russian or a related language. The group behind the attack, REvil, is known to operate from Russian territory.

The cyberattack on Kaseya may have affected up to 1,500 companies

About a dozen countries were affected by this ransomware attack. Sweden and New Zealand were hit particularly hard.

Hit by ransomware, Comparis.ch is back online (update)

Update of 9 July 2021: After the ransomware attack on Comparis, the comparison service's website is back online. A company spokesperson told the Swiss-German daily Tagesanzeiger that the attackers demanded a ransom of 400,000 US dollars to decrypt the data.

Iran’s railroad system was hit by a cyberattack ………..

Iran’s railroad system was hit by a cyberattack; threat actors published fake messages about delays or cancellations of trains on display boards at stations across the country, the Fars news agency reported. The messages on the boards informed passengers that the trains were “long delayed because of cyberattack” or “canceled.”

Flaws / vulnerabilities

Microsoft Releases Emergency Patch for ‘PrintNightmare’ Vuln

Microsoft has rushed out an emergency security update for “PrintNightmare,” a critical remote code execution vulnerability present in all versions of its Windows operating system. In an advisory Tuesday afternoon, the company urged organizations to apply the patches immediately, saying it had detected active exploitation of the bug.

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day exploits from other forum members, according to researchers from threat intelligence firm Cyble. According to the experts, the member “integra” joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time.

Justice / law enforcement / regulation

A Joint Cyber Unit to strengthen the response to major security incidents in Europe

The Commission is today presenting a vision to create a new Joint Cyber Unit to combat the growing number of serious cybersecurity incidents that affect public services as well as the life of businesses and citizens across the European Union.

FBI warns cryptocurrency owners, exchanges of ongoing attacks

The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. The FBI issued the warning via a TLP:GREEN Private Industry Notification (PIN) designed to provide cybersecurity professionals with the information required to properly defend against these ongoing attacks.

Biden Tells Putin Russia Must Crack Down On Cybercriminals

WASHINGTON (AP) – President Joe Biden told Russian President Vladimir Putin in a Friday phone call that he must “take action” against cybercriminals acting in his country and that the U.S. reserves the right to “defend its people and its critical infrastructure,” the White House said.

Miscellaneous

CYSEC teams up with armasuisse to bring confidential computing to space – EPFL Innovation Park

28.06.2021 – Cyber security start-up CYSEC and the Cyber Defense Campus of armasuisse entered into a Public-Private-Partnership (PPP). CYSEC’s trusted execution environment ARCA is well-suited for an industrial implementation of a technology developed by armasuisse. The goal is to protect data transiting and collected in space via satellites.
