Here is this week's security watch report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉
Data theft / loss
Data Leak Exposes Personal Details of Airport Workers
A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report. A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to view the contents.
NSO Group Pegasus Spyware Aims at Finnish Diplomats
Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam. The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials.
Russia unlikely to be tapping submarine cables by Ireland
A Russian naval exercise in the Atlantic, near several submarine cables between Britain, France and the US, is more likely to be sabre-rattling than an attempt to sabotage critical communication links. The exercise, around 250 nautical miles southwest of Ireland, is due to involve live firing of naval guns and rockets.
Cyberattacks / fraud
Germany: ransomware disrupts oil distribution – Le Monde Informatique
The German companies Oiltanking and Mabanaft (Marquard & Bahls group), which specialise in the distribution and storage of petroleum products, were hit on Saturday by a large-scale cyberattack. Their industrial IT systems were affected and force majeure was declared. The culprit is reportedly the Black Cat ransomware.
FBI urges athletes to keep personal devices at home, use burners during Beijing Winter Olympics | ZDNet
In a notice released on Monday, the FBI warned Olympic athletes about bringing their devices to the 2022 Beijing Winter Olympics and March 2022 Paralympics while also raising concerns about the potential for cyberattacks against the event.
Swissport on Twitter
⚠️ A part of #Swissport’s IT infrastructure was subject to a ransomware attack. The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible. Swissport regrets any impact the incidence has had on our service delivery.
Airport services firm Swissport reports ransomware incident | ZDNet
Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said the ransomware attack targeted its IT infrastructure. The group behind the attack was not named. "The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible."
LockBit ransomware gang claims to have stolen data from PayBito
PayBito is a bitcoin and cryptocurrency exchange for major cryptocurrencies including Bitcoin Cash, Bitcoin, Ethereum, HCX, Litecoin, Ethereum Classic. The exchange is operated by global blockchain and IT services company HashCash. LockBit ransomware operators claim to have stolen customers’ data from the PayBito crypto exchange, the name of the company was published on the gang’s Tor leak site.
FBI shares Lockbit ransomware technical details, defense tips
The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this Friday. It also provided information to help organizations block this adversary’s attempts to breach their networks and asked victims to urgently report such incidents to their local FBI Cyber Squad.
New Wave of Cyber Attacks Target Palestine with Political Bait and Malware
A new wave of cyberattacks is targeting Palestinian activists and entities with politically-themed phishing emails and decoy documents.
Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers
Cybersecurity researchers uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.
Flaws / vulnerabilities
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited." A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug (UXSS) Safari bug has been awarded what is reportedly a record $100,500 bug bounty.
Crypto Finance Firm Offers $2m Bug Bounty to Hackers
A decentralized lending platform that lost $80m to hackers has offered them an astonishing multimillion-dollar bug bounty in return for the stolen funds. Qubit Finance revealed at the end of last week that an attacker had exploited a vulnerability in its QBridge deposit function.
A severe vulnerability affects all Linux distributions
The director of the Qualys Lab states: "We keep saying that every new severe vulnerability is a 'warning shot', but in practice the community does not react."
Justice / police / regulation
Europol coordinates action against bomb manuals available online | Europol
The referral activity targeted online content on explosive chemical precursors which was being shared among terrorist supporting networks, including jihadist, right-wing and left-wing terrorist networks. The action day resulted in 563 pieces of content on 106 websites and platforms being assessed for referral to online service providers for their voluntary consideration against their terms and conditions.
Switzerland
Trust Valley🇨🇭 launches a support programme for SMEs in Vaud and the Lake Geneva region facing cyber threats – EPFL Innovation Park
03.2.2022 – In response to cyber threats, Trust Valley🇨🇭 is launching Trust4SMEs, a pioneering, shared programme for secure digital transformation to support SMEs in Vaud and the Lake Geneva region. It is estimated that in Switzerland one SME in three has already been the victim of a cyberattack, and the trend rose by 44% in 2021.
Cyberattack against Emil Frey: data published on the dark web (update)
Update of 3 February 2022: Following the cyberattack against the car dealer Emil Frey, the attackers have published internal data. According to the online outlet Watson.ch, the criminals resorted to double extortion, demanding a ransom not only for decrypting the compromised data but also for not publishing the stolen files online.
UBS e-banking credentials targeted by a wave of malicious SMS messages
Since 24 January 2022, criminals have been trying to steal e-banking account data by impersonating the bank UBS, reports the site Cybercrimepolice.ch, which is run by the Zurich police. The fraud operates via SMS messages that display Swiss numbers as the sender.
Miscellaneous
–