The weekly cyber-threat roundup (12 Sept 2021)

In Carnet de veille

Here is this week's watch report, covering the most interesting recent news. Welcome back, and thanks for the coffee!

Data theft / loss

Hackers Steal Data from United Nations

Hackers have broken into the computer network of the United Nations and made off with data, according to researchers at cybersecurity firm Resecurity. Bloomberg reports that the unidentified cyber-criminals behind the theft appear to have gained access simply by using login credentials stolen from a UN employee.

MyRepublic discloses data breach exposing government ID cards

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. MyRepublic is an Asia-Pacific telecommunications carrier and Internet service provider with operations in Singapore, New Zealand, and Australia. Yesterday, MyRepublic Singapore began emailing data breach notifications disclosing that customers’ personal information was exposed after an unauthorized person gained access to a third-party data storage platform.

Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks | ZDNet

Two healthcare organizations have begun sending out breach notification letters to thousands of people in California and Arizona after both revealed that sensitive information — including social security numbers, treatment information and diagnosis data — were accessed during recent cyberattacks.

Cyberattacks / fraud

REvil ransomware is back in full attack mode and leaking data

The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. Since 2019, the REvil ransomware operation, aka Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files.

Yandex is battling the largest DDoS in Russian Internet history

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week. A report in Russian media says that the assault is the largest in the short history of the Russian internet, the RuNet, and that it was confirmed by a U.S.-based company.

Flaws / vulnerabilities

Microsoft warns of an actively exploited Windows zero-day security hole

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content.

500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords – Malwarebytes Labs

A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities affected.

Justice / police / regulation

Pro-Beijing operatives used social media to try promoting NYC protest – CyberScoop

Pro-China operatives behind an effort to cast a negative light on the United States during the COVID-19 pandemic tried using social media to promote a street demonstration earlier this year, according to findings released Wednesday by the intelligence firm Mandiant.

Ransomware gang threatens to leak data if victim contacts FBI, police

The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments.

ProtonMail: a secure service, but not above the law

Security: ProtonMail reportedly handed over the IP address of one of its users in the course of a police investigation. The company behind the service defends itself by explaining that it merely complied with the legal framework in force.

Ukrainian extradited for selling 2,000 stolen logins per week

The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace. The indictment alleges that Glib Oleksandr Ivanov-Tolpintsev operated a malware botnet that collected login credentials for multiple computers simultaneously using brute force techniques.

Money launderer connected to North Korean government hackers, ‘Hushpuppi’ is sentenced to 11 years – CyberScoop

A U.S. court sentenced a Canadian man to 11 years in prison for his role in a global hacking and money laundering scheme allegedly spearheaded by North Korean cybercriminals. Ghaleb Alaumary, a 36-year-old Ontario native, was sentenced Wednesday to 140 months in federal prison and to pay more than $30 million in restitution after pleading guilty to two counts of conspiracy to commit money laundering, the Justice Department announced.

In Switzerland

The Federal Council approves the dispatch on strengthening the army's cyber defence

Bern, 01.09.2021 – At its meeting of 1 September 2021, the Federal Council took note of the results of the consultation procedure on various amendments to the Armed Forces Act, the Ordinance on the Organisation of the Armed Forces and other legal bases. It approved the corresponding dispatch to Parliament.

A hacker exploits a flaw on the website of the Banque cantonale neuchâteloise

French-speaking Switzerland is clearly having a summer marked by cyberattacks... It is now the turn of the Banque cantonale neuchâteloise (BCN) to reveal that, in early August, it had to withstand a barrage from a cyber-attacker who targeted its website. BCN did not receive a ransom demand, a spokesperson told Arcinfo.

Hackers steal bank details of CGN customers

CGN states on its website that it has identified a security incident affecting its online ticketing. Cyber-attackers managed to inject malicious code that triggered the appearance of a pop-in window in the ordering process.

Whitehat hacker shows how to detect hidden cameras in Airbnb, hotels

There’s no doubt that the demand for home rental services like Airbnb is on the rise. But most of us aren’t aware of the dark side of using and blindly trusting such services.

WhatsApp adds end-to-end encryption to chat backups, locking up data in the cloud – CyberScoop

WhatsApp will add a feature that allows users to turn on end-to-end encryption for messages they back up to cloud providers, the Facebook-owned company announced Friday. Since 2016, WhatsApp has offered end-to-end encryption, meaning messages are only accessible to the sender and the recipient.

Pro-Russian Disinformation Systematically Spread Using Western Media Channels

Western media channels are being systematically manipulated to spread pro-Russian government propaganda and disinformation, according to a new report by the Crime and Security Research Institute at Cardiff University. The researchers said they uncovered evidence that "provocative" pro-Russian or anti-Western statements were being systematically posted in reader comments sections in articles relating to Russia in 32 prominent media outlets across 16 countries.

Web creator Tim Berners-Lee joins ProtonMail's advisory board

Technology: Tim Berners-Lee's arrival at ProtonMail comes after a delicate period for the company, which was criticised for having provided the IP addresses of one of its users to the French authorities. The inventor of the World Wide Web, Tim Berners-Lee, has joined the advisory board of the hosted e-mail service provider ProtonMail.