Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.
Anonymous leaks more EPIK host data; ‘larger than previous leak’
According to Anonymous, the EPIK data leak involves bootable disk images, API tokens, over 500,000 private keys, etc. all in plain-text format.
Mental Healthcare Providers Report Data Breaches
Seattle’s Samaritan Center and Philadelphia’s Horizon House warn PHI may have been exposed
Canadian Vaccine Passport App Exposes Data
Personal information of hundreds of thousands of PORTpass users allegedly viewable in plain text
California Hospital data breach crisis deepens – Cybersecurity Insiders
UC San Diego Health, a California based healthcare service provider, reportedly suffered a data breach early this year, and it notified the 450,000
Coinbase sends out breach notification letters after 6,000 accounts had cryptocurrency stolen
The letters come after thousands of people complained this summer about lackluster customer service from the cryptocurrency platform.
Cyberattaques / fraudes
Biden Plans to Convene 30 Countries to Address Ransomware
The Biden administration plans to meet with officials from dozens of countries later this month in an effort to better coordinate a crackdown on cybercriminal gangs-particularly ransomware.
Ransomware gangs are complaining that other crooks are stealing their ransoms
Ransomware gangs are shocked to find out that cyber crooks will scam other criminals if they can.
Baby died at Alabama Springhill Medical Center due to cyber attack
A baby allegedly received inadequate childbirth health care, and later died, at an Alabama hospital due to a ransomware attack.
New Android malware steals millions after infecting 10M phones
A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by tricking them into subscribing to paid services without their knowledge.
Des bots Telegram s’attaquent aux mots de passe à usage unique
Ces mots de passe peuvent être utilisés pour contourner une authentification à deux facteurs.
Failles / vulnérabilités
Apple Pay with VISA lets hackers force payments on locked iPhones
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card.
Hackers rob thousands of Coinbase customers using MFA flaw
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.
Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users
Researchers discover a new rootkit used by Chinese hackers against Windows 10 users
Justice / police / réglementation
Suisse
ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage
Switzerland-based web and application security company ImmuniWeb on Tuesday announced the launch of a free online tool designed to help organizations identify unprotected cloud storage.
Here’s a New Free Tool to Discover Unprotected Cloud Storage Instances
ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage
Divers
FireEye Products & McAfee Enterprise Merge to Create $2B Entity
The combined company will have 5,000 employees, more than 40,000 customers, and nearly $2 billion in revenue, officials report.
