The Weekly Cyber-Threat Roundup (13 Feb 2022)

Here is this week's monitoring report, covering the most interesting news. Some of these items will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉

Data theft / loss

Croatian phone carrier data breach impacts 200,000 clients

Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information.

Puma hit by data breach after Kronos ransomware attack

Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals’ offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data.

ID.me Will Make Facial Recognition Optional for Government Agencies

In a major turn of events, embattled identity verification company ID.me says it will make facial recognition verification optional for all of its public sector government partners. Additionally, starting March 1, the company says all ID.me users will be able to delete their face scans.

Cyberattacks / fraud

Ransomware: these hackers release your data… in exchange for a like

Ransomware is currently one of the main challenges in cybersecurity. By locking victims' devices and demanding payment of a ransom before they can recover their data, cybercriminals sometimes pocket very large sums. The problem is particularly significant in the United States, but also in France, where attacks have recently hit several organizations.

Swissport targeted by ransomware: flights delayed

Airport services company Swissport has been the victim of a ransomware attack. Via Twitter, Swissport said it had quickly identified and contained the attack. The attack affected part of the global IT infrastructure of the Zurich-based company, which operates in 285 airports and 45 countries.

North Korea offline: a hacker takes on a nation

His name is P4x and he is a hacker. And he took North Korea offline after the state tried to hack him. Observers of the North Korean Internet have noticed strange things over the past few weeks. Important Internet infrastructure went offline several times, then came back online, before being disconnected from the network again.

Free decryptor released for TargetCompany ransomware victims

Czech cybersecurity software firm Avast has released a decryption utility to help TargetCompany ransomware victims recover their files for free. However, as Avast warns, this decryptor can only be used to restore encrypted files "under certain circumstances." Victims who want to recover their files using this decrypting tool should also be aware that this will likely be a resource-intensive and time-consuming process.

China Suspected of News Corp Cyberespionage Attack

The Chinese hackers responsible for an attack on media giant News Corp last month likely were seeking intelligence to serve China’s interests in a cyberespionage incident that shows the persistent vulnerability of corporate networks to email-based attacks, security professionals said. Reports on Monday revealed that a Jan.

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer. The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post.

Flaws / vulnerabilities

Google says nearly $9 million given out in 2021 vulnerability rewards | ZDNet

Google announced this week that its Vulnerability Reward Programs doled out $8,700,000 for vulnerability rewards in 2021. Researchers donated $300,000 of their rewards to a charity of their choice, according to a blog from Sarah Jacobus of Google’s Vulnerability Rewards Team.

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE

The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site.

Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks

Security researchers, enterprise software maker SAP, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that enables HTTPS communications.

Justice / law enforcement / regulation

Crypto theft: $3.6 billion recovered, a couple arrested

Technology: Ilya Lichtenstein and his wife Heather Morgan are accused of laundering the proceeds of 119,754 bitcoins stolen from the Bitfinex platform in 2016. A look at this truly extraordinary case.

The European Parliament will investigate member states' use of the Pegasus spyware

The Renew Europe group has won its case: a committee will be set up to investigate the use of the Pegasus spyware by certain European states. The group also wants to blacklist NSO Group, the Israeli company that makes Pegasus.

European Police Flag 500+ Pieces of "Terrorist" Content

European police have found and referred 563 pieces of terrorist content to service providers in the region, as a UK man was jailed for sharing a bomb-making manual online. The Referral Action Day took place last week at Europol’s headquarters.

Russian Govt. Continues Carding Shop Crackdown

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown – the second closure of major card fraud shops by Russian authorities in as many weeks – comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.

Spanish police arrest suspects in SIM-swapping ring | ZDNet

Spanish law enforcement has arrested eight people suspected of running a SIM-swapping ring. SIM-swapping attacks, also known as SIM hijacking, occur when criminals attempt to take over your phone number.

Switzerland

CFF without SwissID: the national identifier loses an "important customer"

From April, CFF will drop identification with SwissID. The Swiss electronic identity card is therefore losing even more of its relevance. Swiss Federal Railways (CFF) is pulling out. According to Inside IT, Switzerland's largest railway company is abandoning the use of the SwissID login.

Europe’s biggest car dealer hit with ransomware attack | ZDNet

One of Europe’s biggest car dealers, Emil Frey, was hit with a ransomware attack last month, according to a statement from the company. The Swiss company showed up on the list of victims for the Hive ransomware on February 1 and confirmed that they were attacked in January.

Miscellaneous

Internet Crime Complaint Center (IC3) | Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public

The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.

Cybersecurity watch analyst and specialist