Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
Crypto.com confirms 483 accounts hacked, $34 million withdrawn
Crypto.com has confirmed that a multi-million dollar cyberattack led to the compromise of 483 of its customer accounts. Although, the company’s CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform.
Telegram is a hotspot for the sale of stolen financial accounts
Telegram is increasingly abused by cybercriminals to set up underground channels to sell stolen financial details to pseudonymous users.
Cyberattaques / fraudes
Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it’s open to confidentially communicating with the attacker.
Indonesia’s central bank confirms ransomware attack, Conti leaks data
Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month.
Cyberattaque : l’Ukraine accuse la Russie et dit avoir des ” preuves “
L’Ukraine a affirmé dimanche avoir des ” preuves ” de l’implication de la Russie dans la cyberattaque ayant visé plusieurs sites gouvernementaux, dans un contexte de vives tensions entre Kiev et Moscou.
Failles / vulnérabilités
Dutch cybersecurity agency warns of lingering Log4j risks
In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats.
Over 90 WordPress themes, plugins backdoored in supply chain attack
A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails.
Justice / police / réglementation
This VPN service used by cyber criminals to deliver ransomware has just been taken down by police
Joint action supported by Europol has seized servers used by criminals and identified more than 100 businesses that have fallen victim to attacks.
U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine
U.S. has imposed sanctions on four Ukrainian government officials for their involvement in a Russian-directed campaign to destabilize Ukraine.
Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang
Interpol-led police operation has arrested 11 members of the Nigerian BEC cybercrime gang.
REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums
Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say.
Suisse
Vaud affine sa stratégie numérique au plus près des citoyens
Face aux cyberattaques de tous bords, l’Etat de Vaud a fait jeudi le point de la situation sur sa stratégie numérique. Tout en renforçant sa propre cybersécurité, le canton réaffirme sa volonté d’accompagner les citoyens et les communes dans la transition numérique. “La numérisation de la société appelle une action résolue de l’Etat.
La cyberattaque d’Emil Frey met les garages suisses dans l’embarras
Emil Frey, géant zurichois de l’importation de véhicules en Europe, est touché depuis mardi par un acte de piratage informatique. Nombre de professionnels du secteur ne peuvent plus réparer de voitures ni effectuer de ventes, a appris la RTS.
Divers
ProtonMail to block tracking pixels, hide IP addresses
The feature is enabled by default on ProtonMail’s web app.
After ransomware arrests, some dark web criminals are getting worried
Analysis of dark web chatter suggests that some ransomware affiliates worry law enforcement might come for them next.
UK’s Cyber Security Center publishes new guidance to fight smishing
UK’s National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls.
