Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
Facebook to delete 1 billion faceprints in Face Recognition shutdown
Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people’s facial recognition profiles. Facebook’s Face Recognition system analyzes photos taken of tagged users and associated users’ profile photos to build a unique identifier or template.
Ukraine Unmasks Armageddon Group as FSB Officers
Ukrainian special services claim to have identified the operatives behind the prolific « Armageddon » hacking group, alleging they are Russian FSB officers. In a brief statement, the Security Service of Ukraine (SSU) revealed that the group, also known as « Garmaredon, » was responsible for over 5000 attacks on the Ukrainian government and critical infrastructure assets.
Iranian Hacking Group Leaks Patient and LGBTQ Info
An Iranian hacking group has released highly sensitive personal information on hundreds of thousands of Israeli medical patients and members of an LGBTQ site, in a purported ransom attack. The Black Shadow group appears to have obtained the data after targeting Israeli hoster CyberServe, which reportedly refused to pay a $1m ransom.
45 millions de données de clients d’un VPN diffusées sur le web
Tout aurait pu se passer tranquillement entre un lanceur d’alerte et la société ActMobile. Une menace plus tard, et 45 millions de données sont diffusées sur Internet. L’américain ActMobile est une société spécialisée dans les services VPN . Elle permet à ses clients de surfer de manière sécurisée, anonymat entre le client et les sites visités.
Cyberattaques / fraudes
The Booming Underground Market for Bots That Steal Your 2FA Codes
The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts.
BlackMatter ransomware gang to shut down. Oh dear, what a shame, never mind
Oh dear, what a shame, never mind. The BlackMatter ransomware group, which just a month or two ago was asking internet users to stop bombarding it with insults as it attempted to negotiate payments from its corporate victims, appears to have announced that it is now closing down its operations.
The ‘Groove’ Ransomware Gang Was a Hoax
A number of publications in September warned about the emergence of » Groove, » a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists.
FBI: Ransomware targets companies during mergers and acquisitions
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in « time-sensitive financial events » such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands.
HelloKitty ransomware gang also targets victims with DDoS attacks
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). According to the alert, the ransomware gang is launching distributed denial-of-service (DDoS) attacks as part of its extortion activities.
Failles / vulnérabilités
Microsoft warns of rise in password sprays targeting cloud accounts
The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. Password spraying is a type of brute force attack where the attackers attempt to gain access to large lists of accounts using a small number of commonly used passwords.
Cisco warns of hard-coded credentials and default SSH key issues in some products
Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys. The first flaw fixed by the IT giant, tracked as CVE-2021-34795, affects the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT).
Justice / police / réglementation
US offers $10 million reward for information on DarkSide leaders, $5 million for affiliates | ZDNet
Cyberwar and the Future of Cybersecurity Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.
Alleged Twitter hacker charged with theft of $784K in crypto via SIM swaps
The US Department of Justice has indicted a suspected Twitter hacker known as ‘PlugWalkJoe’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. SIM swap attacks are when threat actors take control of targets’ phone numbers by porting them to their own device’s SIM card.
Signal obligé de s’expliquer – encore – après une demande du FBI
Gestion des cookies Nous utilisons des cookies sur notre site web pour vous offrir l’expérience la plus pertinente en mémorisant vos préférences et vos visites répétées. En cliquant sur « Accepter », vous consentez à l’utilisation de ces cookies.
Ukraine intel doxed 5 FSB Officers that are members of Gamaredon APT
Ukraine’s premier law enforcement and counterintelligence disclosed the real identities of five alleged members of the Russia-linked APT group Gamaredon (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) that are suspected to be components of the Russian Federal Security Service (FSB).
Suisse
Le nombre de cyberattaques a doublé au premier semestre en Suisse
Deux fois plus de cas de cyberattaques ont été signalés durant le premier semestre 2021 au Centre national de cybersécurité (NCSC) par rapport à la même période l’an dernier. Les cas de « fake sextorsion » et de phishing ont notamment considérablement augmenté.
Divers
Twitter joins backlash against Australian plan to ID social media users | ZDNet
Australia’s plan to force social media users to identify themselves could damage people, harm international relations, and even breach human rights obligations, according to participants in a media roundtable on Friday. The Morrison government’s recent rush to identify users is based on the assumption that this would reduce online abuse.
US Bans Trade With Pegasus Spyware Maker
NSO Group – the Israeli-based maker of the notorious, military-grade Pegasus spyware that’s been linked to cyberattacks against dissidents, activists and NGOs (and murders of journalists) at the hands of repressive regimes – has been blacklisted by the United States. NSO Group is one of four spyware developers or traffickers that the U.S.
