The Weekly Cyber-Threat Digest (22 August 2021)


I hope you enjoyed your holidays. Here is this week's monitoring report, rounding up the most interesting recent news. Welcome back, and thanks for the coffee!

Data theft / loss

T-Mobile: >40 Million Customers’ Data Stolen

T-Mobile has confirmed much of what a threat actor bragged about over the weekend: Personal details for tens of millions of current, former or prospective T-Mobile customers were stolen in a huge breach of its servers.

T-Mobile data breach: New information uncovered by the investigation – Help Net Security

In the wake of the recent claims that T-Mobile U.S. has suffered a massive data breach and the consequent industry reactions, the company has shared additional information its internal investigation has uncovered.

The Taliban have recovered biometric data collected by the US military

A new threat hangs over the Afghan population. In the chaos of the withdrawal of US forces from Afghanistan, the US military left behind far more than Humvees, weapons and helicopters: the biometric data of millions of people.

Secret terrorist watchlist with 2 million records exposed online

A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records, was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.

Server taken offline 3 weeks after DHS notified …

Chase bank accidentally leaked customer info to other customers

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. New York City-based JPMorgan Chase Bank is a financial services giant with a $120 billion annual revenue and over 250,000 employees worldwide.

Cyberattacks / fraud

US Hospitals Divert Care After Cyber-attack

A cyber-attack forced hospitals in West Virginia and Ohio to divert patients to other care providers and work from paper records. Threat actors targeted Memorial Health System with ransomware on the morning of August 15. The assault disrupted the IT systems at nearly all the health system’s 64 clinics and three hospitals – Marietta Memorial, Selby General, and Sistersville General.

Hive ransomware attacks Memorial Health System, steals patient data

In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected.

AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000.

Japanese insurer Tokio Marine discloses ransomware attack

Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. The announcement came at the beginning of the week and contains little information about the incident outside the action taken to deal with the intrusion.

SynAck ransomware decryptor lets victims recover files for free

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. The SynAck ransomware gang launched its operation in 2017 but rebranded as the El_Cometa gang in 2021. As part of this rebranding, the threat actors released the master decryption keys and documentation for their encryption algorithm on their Tor data leak site.

Flaws / vulnerabilities

Researchers have cracked facial recognition systems | CyberNews

Just nine ‘master faces’ can pass for 40% of people’s faces. Getting the keys to the kingdom is a boon for any kind of criminal, which is why master keys – which allow access to any door possible in a building – are so sought after.

Justice / law enforcement / regulation

DOJ to Consider Expanding Use of AI Prisoner Monitoring Tech

A House of Representatives panel has asked for a study to be done on the use of artificial intelligence (AI) to analyze prisoners’ phone calls. Reuters reports that the United States Department of Justice (DOJ) has been asked to report on the use of AI monitoring as a tool to prevent suicide and violent crime.

Europol: Islamic State Propaganda Networks Are Thriving

Official propaganda from the Islamic State (IS) dwindled during 2020 after disruption from Western coalition forces, but informal supporter networks continue to spread its message far and wide, Europol has warned. The law enforcement agency’s latest Online Jihadist Propaganda report analyzed the key trends of last year, highlighting the persistence of terrorist content across multiple online channels.

In Switzerland

Vaud: Rolle has been hacked

A mysterious hacking case on the shores of Lake Geneva: masses of information were stolen from the Vaud municipality and then published. The municipal administration was not aware of it. The Vaud municipality of Rolle, on the shores of Lake Geneva, has been hit by a massive data leak.

Canton of Vaud – The Gymnase de la Broye falls victim to a cyberattack

An intrusion into the school's information system was detected on 6 August, and the data on some servers was encrypted by cybercriminals. A criminal complaint has been filed. Attackers attempted to break into the information system of the Gymnase intercantonal de la Broye (GYB) on 6 August, the school announced on Wednesday.

Pallas, a Swiss network of private clinics, hit by ransomware

The series of ransomware attacks in Switzerland continues. This time the private clinic group Pallas is paying the price. Present at some twenty locations in German-speaking Switzerland, this network of clinics specialising in plastic and eye surgery announced the attack on its website, stating that it can currently be reached only by telephone.

Miscellaneous

Apple Adds a Backdoor to iMessage and iCloud Storage

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. (Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something.

To stay under the radar, these attackers use… Morse code

The malicious code contained in booby-trapped attachments is often encoded so that it goes undetected. And attackers do not hesitate to use old and unusual methods to evade antivirus software.
