
The weekly cyber-threat roundup (19 Dec 2021)

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉

Data theft / loss

German audio tech giant Sennheiser exposed 55GB of customers’ data

According to a report from vpnMentor, the German audio equipment manufacturer Sennheiser left an unsecured Amazon Web Services (AWS) server online. The server stored around 55GB of information on over 28,000 Sennheiser customers. AWS buckets are popular among businesses that need to store large data files.

Oregon medical group notifies 750,000 patients of data breach | ZDNet

The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive employee and patient information.

The CNIL orders Clearview AI to stop collecting and using online photos

The CNIL has given Clearview AI formal notice to stop, within two months, collecting and using public photos and videos scraped from the Internet to feed its facial recognition software. It considers that the company processes this personal data unlawfully, since it has no legal basis for doing so.

Cyberattacks / fraud

Hackers Steal $140 Million From Users of Crypto Gaming Company

VulcanForge becomes the third cryptocurrency company to be hit by hackers this month. In total, hackers have stolen more than $400 million.

400 Banks’ Customers Targeted with Anubis Trojan

The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware. Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A.

Conti ransomware uses Log4j bug to hack VMware vCenter servers

The Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. The gang did not waste much time adopting the new attack vector and is the first “top-tier” operation known to weaponize the Log4j vulnerability.

Suspected Iranian hackers target airline with new backdoor | ZDNet

A suspected state-sponsored Iranian threat group has attacked an airline with a never-before-seen backdoor. On Wednesday, cybersecurity researchers from IBM Security X-Force said an Asian airline was the subject of the attack, which likely ran from October 2019 until 2021.

Inside Ireland’s Public Healthcare Ransomware Scare

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.

Flaws / vulnerabilities

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability | ZDNet

Apache has released version 2.17.0 of the patch for Log4j after discovering issues with their previous release, which came out on Tuesday. Apache said version 2.16 “does not always protect from infinite recursion in lookup evaluation” and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability.

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. “This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability,” Matthew Warner, CTO of Blumira, said.

Brand-New Log4Shell Attack Vector Threatens Local Hosts

The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities. Defenders will once again be busy beavers this weekend: there’s an alternative attack vector for the ubiquitous Log4j vulnerability, which relies on a basic JavaScript WebSocket connection to trigger remote code execution (RCE) on servers locally, via drive-by compromise.

Justice / police / regulation

Ransomware suspect arrested over attacks on ‘high-profile’ organisations | ZDNet

Europol’s European Cybercrime Centre has worked with the Romanian National Police and the FBI on the arrest of a suspected ransomware affiliate who is alleged to have targeted high-profile organisations and companies for their sensitive data. Europol said a 41-year-old Romanian man has been arrested in Craiova, Romania.

NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud.

Vaucluse: young man indicted over 19 million euros extorted through ransomware

CYBERCRIME – During the search of the parents' home where the 23-year-old lived, police seized a gold ingot, a Rolex and 19 million euros in cryptocurrency. A young man suspected of having laundered, through cryptocurrency, 19 million euros extorted in ransomware attacks was indicted on Friday, a source close to the case said on Monday.

Norway fines Grindr for $7.3 million over privacy breach – CyberScoop

Norway’s data protection agency is fining LGBTQ+ social app Grindr nearly $7.1 million for unlawfully disclosing personal data to third parties for marketing. The ruling follows a 2020 complaint by the Norwegian Consumer Council alleging that Grindr shared user device data with third parties that, due to the nature of the app, effectively allowed advertisers to connect those users with information about their sexual orientation.

Switzerland

Property managers Brolliet and Domicim paralysed by ransomware

Cyber-criminals are giving the region's companies no respite. A ransomware attack on the real-estate group DBS, which owns the property management firms Brolliet and Domicim among others, further lengthens the list of offences of this kind that have marked 2021 in French-speaking Switzerland.

Miscellaneous

Dark web: the market for fraudulent health passes is booming

Winter has arrived in France and Europe, and with it a new wave of Covid-19 infections. It is so severe that some countries are now considering a vaccination mandate accompanied by new restrictions on freedoms. But this thoroughly depressing situation also makes some people happy.

Pegasus: new details on the iPhone security flaw exploited by NSO

By coincidence of timing, a team of computer security experts at Google, known as Project Zero, published on Wednesday 15 December a detailed analysis of a critical security flaw exploited by the Israeli company NSO Group, which sells the Pegasus spyware to government clients.

Threat-intelligence monitor and cybersecurity specialist
