Here is this week's watch report, covering the most interesting news. Some of these items will be developed in upcoming articles. Enjoy the read, and thanks for the coffee 😉
Data theft / loss
Smartphone manufacturers track users
System applications, installed by default on your smartphone and generally impossible to uninstall, tend to keep a low profile. While users at least have a choice with other applications and services, in this case device tracking and monitoring are established at the very moment of manufacture.
Hacker accessed medical info at UMass Memorial Health
Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients. The security breach took place between June 2020 and January and impacted more than 209,048 individuals. Potentially exposed data include social security numbers, insurance information and medical information.
Cyberattacks / fraud
Iranian Gas Stations Crippled After Suffering Cyberattack
Petrol stations across Iran were crippled after a cyberattack that led to disruption in fuel sales and defacing electronic billboards for displaying threatening messages mocking the government’s ability to distribute fuel. On Wednesday, Iranian president Ebrahim Raisi confirmed that operations at the country’s gas stations were disrupted after suffering a sweeping cyberattack and blamed the act on attackers aiming to create "disorder and disruption."
A cyberattack disrupts gasoline distribution in Iran – Le Monde Informatique
Iran has been facing a nationwide gasoline shortage for more than 24 hours. A cyberattack has paralyzed service stations across the country, blocking electronic-card access to the pumps and leaving the population in disarray. Since Tuesday, October 26, disruptions to the fuel distribution network have been shaking Iran, and Tehran in particular.
SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns | ZDNet
Microsoft has warned that Nobelium, the hacking group behind the SolarWinds fiasco, has targeted at least 140 resellers and technology service providers in global IT supply chains.
Acer hit with second cyberattack in less than a week, Taiwanese authorities notified | ZDNet
Acer has confirmed yet another cyberattack on its servers in Taiwan after their offices in India were hit less than a week ago by the same group.
North Korean Lazarus APT Targets Software Supply Chain
A notorious North Korean APT group has been observed compromising the software supply chain, in campaigns reminiscent of the attacks on SolarWinds and Kaseya, according to Kaspersky. Lazarus infected legitimate South Korean security software to deploy a malicious payload to target a think tank in the Asian country, researchers explained.
81% of UK Healthcare Organizations Hit by Ransomware in Last Year
More than four-fifths (81%) of UK healthcare organizations suffered a ransomware attack in the last year, according to a new study by Obrela Security Industries. The survey of 100 cybersecurity managers in the health sector found that 38% of UK healthcare organizations have elected to pay a ransom demand to get their files back.
US$5.2 billion in Bitcoin transactions potentially linked to ransomware | WeLiveSecurity
Malicious actors are increasingly using advanced tactics to obscure and launder their illicit gains, according to a US government report. According to a report from the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury, outgoing Bitcoin transactions worth US$5.2 billion could be linked to ransomware payments involving the 10 most common ransomware variants.
Ransomware: the notorious hacker group REvil has been hacked by US authorities
A joint, multinational law enforcement operation made it possible to hack REvil's server backups and take control of them.
A Russian-speaking ransomware gang says it hacked the National Rifle Association – CyberScoop
A ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if the NRA doesn’t pay an extortion fee of an undisclosed sum. The documents previewed on Grief’s leak site include grant applications and minutes from a meeting.
Flaws / vulnerabilities
FBI warns of fake govt sites used to steal financial, personal data
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.
UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forged
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports.
Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City
Over 3500 WiFi networks in Tel Aviv have been cracked by Israeli researchers
QR Codes Help Attackers Sneak Emails Past Security Controls
Researchers have observed an attacker using a technique they hadn’t previously seen to attempt to sneak phishing emails past enterprise security filters. Abnormal Security, which reported the campaign this week, says between Sept. 15 and Oct.
Justice / police / regulation
Police arrest 150 suspects after closure of dark web’s largest illegal marketplace
A 10-month investigation following the closure of the dark web’s largest illegal marketplace, DarkMarket, has resulted in the arrest of 150 suspected drug vendors and buyers. DarkMarket was taken offline earlier this year as part of an international operation.
150 arrested in dark web drug bust as police seize €26 million
Police forces across the world have arrested 150 alleged suspects involved in buying or selling illicit goods on the dark web as part of a coordinated international operation involving nine countries.
12 targeted for involvement in ransomware attacks against critical infrastructure
A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries. These attacks are believed to have affected over 1 800 victims in 71 countries.
EU investigating leak of private key used to forge Covid passes
The private key used to sign EU Digital Covid certificates has been reportedly leaked and is being circulated on messaging apps and forums. The key has also been misused to generate forged certificates, such as those for Adolf Hitler, Mickey Mouse, Sponge Bob, all of which are being recognized as valid by the official government apps.
Police arrest hackers behind over 1,800 ransomware attacks
Europol has announced the arrest of 12 individuals believed to be linked to ransomware attacks against 1,800 victims in 71 countries. According to the law enforcement report, the actors have deployed ransomware strains such as LockerGoga, MegaCortex, and Dharma, as well as malware like Trickbot and post-exploitation tools like Cobalt Strike.
Man gets 7 years in prison for hacking 65K health care employees
Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC).
TrickBot malware dev extradited to U.S. faces 60 years in prison
A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison. 38-year old Vladimir Dunaev, also known as FFX, was a malware developer that supervised the creation of TrickBot’s browser injection module, the indictment alleges.
Man who "scraped and sold 178 million users’ data" is sued by Facebook
Facebook is suing a Ukrainian man for allegedly stealing the data of more than 178 million users, and then selling it on an underground cybercrime forum. In a lawsuit filed by the social networking giant on Friday, Facebook claims that between January 2018 and September 2019 Alexander Alexandrovich Solonchenko exploited a vulnerability in a feature which was supposed to help you connect with friends on the social network to scoop up users’ personal data.
Switzerland
Protonmail wins Swiss court victory over data retention
Encrypted email provider Protonmail has hailed a recent Swiss legal ruling as a "victory for privacy," after winning a lawsuit that sees it exempted from data retention laws in the mountainous realm.
Miscellaneous
The Fin7 cybergang recruits its talent through a disguised website – Le Monde Informatique
The Russia-affiliated malicious operator Fin7 is posing online as a fake security company named Bastion Secure. Its goal: to attract IT specialists to design and launch cyberattacks. Cybergangs are businesses like any other: they need to hire qualified staff to meet their needs.
L0phtCrack Password Auditing Tool Now Available As Open Source
Developed and maintained for quite a while, the password auditing tool "L0phtCrack" now goes open source to assist the community. The developer anticipates active participation from the community in its improvement and maintenance in the future. The decades-old password auditing and recovery tool L0phtCrack is now finally available for all to use as open source.