The weekly cyber-threat roundup (3 Oct 2021)

Here is this week's watch report, covering the most interesting news. Some of these items will be developed in upcoming articles. Enjoy the read, and thanks for the coffee 😉

Data theft / loss

3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. On its own, the database of 3.8 billion phone numbers leaked from social-media platform Clubhouse didn’t have much value on the underground market. In fact, they were eventually dumped in a hacker forum for free.

Anonymous leaks more EPIK host data; ‘larger than previous leak’

Hacktivist group Anonymous has published the second part of data stolen from controversial pro-right-wing web hosting platform Epik. As previously reported by Hackread.com, the previous leak comprised 180GB of the company’s data, and the current one is even bigger. The leak results from Anonymous’ displeasure over Epik’s preference to associate itself with right-wing websites, which the group regarded as extremists.

Mental Healthcare Providers Report Data Breaches

Data breaches at two American mental healthcare providers may have exposed thousands of individuals’ personal health information (PHI). Horizon House, Inc., which is in Philadelphia, Pennsylvania, warned that 27,823 people might have been impacted by a cyber-attack that took place in the late winter.

Canadian Vaccine Passport App Exposes Data

Canadian vaccine passport app PORTpass may have exposed personal information belonging to hundreds of thousands of users. According to a report by CBC News, the app’s operators left data, including names, identification documents, and email addresses, on an unsecured website. The personal information was allegedly stored in plain text and could be accessed by the public.

California Hospital data breach crisis deepens – Cybersecurity Insiders

UC San Diego Health, a California-based healthcare service provider, reportedly suffered a data breach early this year, and it notified the 450,000 victims from September 7th, 2021. Going further, the details of the security incident were made public by the health services provider in July this year in which it stated that it became […]

Coinbase sends out breach notification letters after 6,000 accounts had cryptocurrency stolen | ZDNet

Coinbase is sending out breach notification letters to thousands of users after they discovered a "third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform." First reported by The Record, the letters say at least 6,000 Coinbase customers had funds removed from their accounts.

Cyberattacks / fraud

Biden Plans to Convene 30 Countries to Address Ransomware

The Biden administration plans to meet with officials from dozens of countries later this month in an effort to better coordinate a crackdown on cybercriminal gangs, particularly ransomware. "This month, the United States will bring together 30 countries to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically," the president said in a statement published Friday.

Ransomware gangs are complaining that other crooks are stealing their ransoms | ZDNet

Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves. REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents.

Baby died at Alabama Springhill Medical Center due to cyber attack

An Alabama woman named Teiranni Kidd has filed suit after the death of her baby; she claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its systems, causing the death of the infant daughter, reported The Wall Street Journal.

New Android malware steals millions after infecting 10M phones

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by tricking them into subscribing to paid services without their knowledge. GriftHorse, the trojan used in these attacks, was discovered by Zimperium zLabs researchers who first spotted this illicit global premium services campaign.

Telegram bots go after one-time passwords

Security: These passwords can be used to bypass two-factor authentication. Bots running on Telegram are being used to steal the one-time passwords used in two-factor authentication (2FA). On Wednesday, researchers at Intel 471 said they had observed an "uptick" in the number of such services offered in underground circles.

Flaws / vulnerabilities

Apple Pay with VISA lets hackers force payments on locked iPhones

Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled. The method is akin to a digital version of pickpocketing.

Hackers rob thousands of Coinbase customers using MFA flaw

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature. Coinbase is the world’s second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries.

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

Researchers discover a new rootkit used by Chinese hackers against Windows 10 users

Justice / law enforcement / regulation

https://www.bitdefender.com/blog/hotforsecurity/us-cryptocurrency-expert-pleads-guilty-to-helping-north-korea-evade-sanctions/

Switzerland

ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage | SecurityWeek.Com

Switzerland-based web and application security company ImmuniWeb on Tuesday announced the launch of a free online tool designed to help organizations identify unprotected cloud storage. ImmuniWeb, formerly known as High-Tech Bridge, says the new tool can be used by IT and cybersecurity professionals to easily and quickly identify unprotected cloud storage instances in AWS, Microsoft Azure, Google Cloud Platform, IBM Cloud, Oracle Cloud, DigitalOcean, Rackspace and a dozen other public cloud services.

Here’s a New Free Tool to Discover Unprotected Cloud Storage Instances

ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage

Miscellaneous

FireEye Products & McAfee Enterprise Merge to Create $2B Entity

McAfee Enterprise and FireEye Products will merge into a single entity with nearly $2 billion in revenue following the close of Symphony Technology Group’s acquisition of FireEye’s product business, company officials report. The combined organization will have more than 40,000 customers and 5,000 employees.
