The cyber-threat weekly (20 Feb 2022)

Here is this week's monitoring report, rounding up the most interesting news. Some of these items will be covered in more depth in upcoming articles. Happy reading, and thanks for the coffee 😉

Data theft / loss

U.S. senators say CIA data collection has been hidden from public, lawmakers

Two U.S. senators claim the Central Intelligence Agency is running a secret program aimed at scooping up massive amounts of data and has been shielding it from Congressional oversight, they said in a letter released on Friday. In the letter dated April 13, 2021, Senators Ron Wyden, of Oregon, and Martin Heinrich, of New Mexico, warned top U.S.

US Government: Sensitive data is being stolen from defence contractors

The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data.

Healthcare Data Breaches Impact 147k Illinoisans

The protected health information (PHI) of nearly 150,000 residents of Illinois may have been exposed in data breaches at two separate healthcare organizations. South Shore Hospital (SSH) in Chicago and the Family Christian Health Center (FCHC) in Harvey, Illinois, have begun notifying Illinoisans that the security of their data may have been compromised.

Croatian phone carrier reports data breach

‘A1 Hrvatska’, a Croatian phone carrier, has disclosed a data breach exposing the personal information of roughly 200,000 of its customers. The organisation has not provided many details outside the fact that they suffered a cybersecurity incident involving the unauthorised access of one of their user databases containing sensitive personal information.

Cyberattacks / fraud

Ukraine says it’s targeted by ‘massive wave of hybrid warfare’

The Security Service of Ukraine (SSU) today said the country is the target of an ongoing "wave of hybrid warfare," aiming to instill anxiety and undermine Ukrainian society’s confidence in the state’s ability to defend its citizens. "Ukraine is facing attempts to systemically sow panic, spread fake information and distort the real state of affairs.

Ukrainian DDoS Attacks Should Put US on Notice-Researchers

On Tuesday, institutions central to Ukraine’s military and economy were hit with a wave of denial-of-service (DoS) attacks, which sparked an avalanche of headlines around the world. The strike itself had limited impact – but the larger implications for critical infrastructure beyond the Ukraine are worth noting, researchers said.

Red Cross Hack Linked to Iranian Influence Operation?

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group.

Emotet Now Spreading Through Malicious Excel Files

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its attack vectors to avoid detection so it can continue to do its nefarious work, they wrote in a report published online Tuesday.

Alleged ransomware attack disrupted ops at Slovenia’s Pop TV station

Last week, a cyber-attack disrupted the operations of Pop TV, Slovenia’s most popular TV channel. The attack, which was likely a ransomware attack, impacted the computer network of the TV channel and caused the cancellation of the evening edition of the 24UR daily news show.

Flaws / vulnerabilities

Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

Researchers retrieve the master key for unlocking files locked by Hive ransomware by exploiting a flaw in its encryption algorithm.

Google doubles bug bounties

Google has announced that they have doubled the rewards for anyone who can demonstrate working exploits for a range of zero-day and one-day vulnerabilities across a variety of platforms. The reward increases are applicable to exploits discovered in the Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF (Kubernetes-based infrastructure for capture the flag exercises).

VMware fixes holes that could allow virtual machine escapes

VMware’s latest security bulletin doesn’t mince its words about how quickly you should patch: When do I need to act? Immediately. The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments. [… G]iven the severity, we strongly recommend that you act.

Justice / police / regulation

The CIA is once again implicated in a case of mass surveillance of Americans

U.S. senators have gotten wind of a secret surveillance program run by the intelligence agency. They are asking for clarification.

A spyware reseller pleads guilty before the U.S. courts

This is a rare development in the spyware sales industry. On Tuesday, February 15, the U.S. Department of Justice announced that a Mexican businessman had pleaded guilty in a case involving the marketing of surveillance tools.

EDPS watchdog calls for bans on surveillance spyware like Pegasus

The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU. Pegasus is a surveillance malware developed by the Israeli surveillance company NSO Group that could infect both iPhones and Android devices; it is sold exclusively to governments and law enforcement agencies.

Australian encryption laws used to force provider to help in homicide case | ZDNet

When it comes to Australia’s encryption laws, two out of the three arms can now be publicly said to have been used, following the release of the Telecommunications (Interception and Access) Act 1979 — Annual Report 2020-21 this week.

Croatian Police arrests minor over A1 Telecom data breach & ransom demand

The 14-year-old was accused of stealing data of 100,000 Tele Operator A1 customers and asking for 150 Ethereum coins ($500,000) in ransom.

Switzerland

Neuchâtel – Cyberattack: a ransom demand did indeed reach the University

On Friday, the institution's IT systems were unusable. Some users saw files being encrypted and received a message referring to a ransom. Measures were taken immediately. Access to the University of Neuchâtel's servers was blocked on Friday morning because of a cyberattack, according to information first reported by "ArcInfo".

The Confederation warns 130 organizations about an IT security flaw

The National Cyber Security Centre sent a registered letter to 130 companies and municipalities to inform them of security flaws in a messaging software product. This warning is not the first, but those concerned have not yet responded.

Vaud – Beware of fake court summonses

Fake court summonses sent by email accuse their recipients of certain offences. It is a scam, the Vaud cantonal police warns. For several weeks, emails purporting to come from police services such as the Vaud gendarmerie, Europol, the FedPol directorate or the French gendarmerie have been sent to many internet users.

Swisscom, Sunrise UPC and Salt affected by a ransomware attack

The U.S. telecommunications service provider iBasis fell victim to a ransomware attack. Data has been published on the dark web and concerns the Swiss telecom providers. The latter are trying to determine whether sensitive data belonging to their customers was affected.

Swiss Cyber Security Days 2022: back to in-person – Cominmag.ch

Held virtually last year, the national cybersecurity days, the Swiss Cyber Security Days, return to an in-person format on 6 and 7 April 2022 at Forum Fribourg. Under the theme "Cyber: the fifth dimension", the programme aims to bring new answers to the increasingly serious digital security problems faced by society and users.

Miscellaneous

French Dad tries to block his kids’ internet, wipes out town WiFi

A French father attempting to use a signal jammer to prevent his children from accessing the internet accidentally knocked out an entire town’s internet connection. The French Agence Nationale des Fréquences, which is responsible for managing radio frequencies in the country, received an unusual complaint (translated) from a mobile phone operator.

Major Canadian banks go offline in unexplained outage

The mysterious outage is as yet unexplained and hit Royal Bank of Canada (RBC), Bank of Montreal (BMO), Scotiabank, TD Bank Canada and the Canadian Imperial Bank of Commerce (CIBC). "We are currently experiencing technical issues with our online and mobile banking, as well as our phone systems," an RBC representative confirmed.

Threat-intelligence watcher and cybersecurity specialist