The weekly cyber-threat digest (21 Nov 2021)

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Enjoy the read, and thanks for the coffee 😉


Data theft / loss

200M Adult Cam Model, User Records Exposed in Stripchat Breach

A database containing highly sensitive information on both users and models of the popular adult cam site Stripchat was discovered online, left completely unprotected. The data exposure puts models and users at risk of extortion, violence and more. Stripchat is a popular site founded in 2016 and based in Cyprus that sells live access to nude models.

Utah medical center hit by data breach affecting 582k patients

Utah Imaging Associates (UIA), a Utah-based radiology center, has announced a data breach affecting 582,170 people after their personal information was exposed. According to the data breach notification sent to affected individuals, the security incident was discovered on September 4, 2021, and was remediated on the same day.

FBI Hacker Offers to Sell Data Allegedly Stolen in Robinhood Breach | SecurityWeek.Com

The hacker who last week sent out thousands of fake emails from FBI systems is offering to sell data allegedly stolen in the recent breach at mobile stock trading platform Robinhood.

Facebook demands LAPD end social media surveillance and use of fake accounts

Facebook is demanding that the Los Angeles Police Department cease all use of "dummy" accounts on its platforms and stop collecting data on users for surveillance.

Cyberattacks / fraud

Emotet botnet comeback orchestrated by Conti ransomware gang

The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang. Security researchers at intelligence company Advanced Intelligence (AdvIntel) believe that restarting the project was driven by the void Emotet itself left behind on the high-quality initial access market after law enforcement took it down ten months ago.

The Emotet botnet is resurrected via the Trickbot malware – Le Monde Informatique

Dismantled in early 2021 by an international coalition of police and judicial authorities, the Emotet botnet has been brought back into operation. It is rebuilding itself through the Trickbot malware. A bittersweet victory?

Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims

Researchers Expose Secrets of Conti Ransomware Group That Made 25 Million from Attacks

FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

The FBI’s email system was hacked to send a fake cyber security alert to thousands

Iranian government-backed hackers target critical infrastructure with ransomware, US says – CyberScoop

U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure. The hackers are interested in taking advantage of known software flaws where they can, the agencies said.

Flaws / vulnerabilities

FBI warns of APT group exploiting FatPipe VPN zero-day since May

The Federal Bureau of Investigation (FBI) warned of an advanced persistent threat (APT) compromising FatPipe router clustering and load balancer products to breach targets' networks. FatPipe is a computer networking hardware firm headquartered in Salt Lake City that specializes in WAN optimization solutions, with many Fortune 1000 companies on its customer list.

Six million Sky routers exposed to takeover attacks for 17 months

Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability for which it took over 17 months to roll out a fix to customers. The disclosed vulnerability is a DNS rebinding flaw that threat actors could easily exploit if the user had not changed the default admin password, or if the credentials could be brute-forced.

Justice / law enforcement / regulation

Banks must report major cyber incidents within 36 hours under finalized regulation – CyberScoop

Banks must report major cybersecurity incidents to federal officials within 36 hours under a rule that U.S. financial regulators finalized on Thursday. Beginning in May 2022, financial executives will need to be more forthcoming about computer system failures and interruptions, such as ransomware or denial-of-service attacks that have the potential to disrupt customers’ ability to access their accounts, or impact the larger financial system.

Iranians Charged in Cyberattacks Against U.S. 2020 Election

The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation. The U.S. Department of Justice has unsealed charges against two Iranian nationals for cyberattacks against the U.S. 2020 presidential campaign, and there’s a $10 million reward offered for information on their activities.

Should the Swiss Confederation take charge of cyber protection for cantons, municipalities and SMEs?

In response to a parliamentary motion, the Federal Council considers that protecting cantons, municipalities and SMEs against cyberattacks does not fall within the Confederation's remit, and that doing so would infringe on the sovereignty of the former and the economic freedom of the latter.

Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity – CyberScoop

President Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions. The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments.

Threat-intelligence watcher and cybersecurity specialist