
Cybersecurity watch (week of 29 May 2022)

Here is this week's watch report, rounding up the most interesting news. Some of these items will be developed further in upcoming articles. Enjoy the read, and thanks for the coffee 😉

Data theft / loss

Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach

GitHub shares more details about the recent OAuth token breach, revealing that the attacker gained access to the credentials of nearly 100k NPM users.

Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online

The trove of data was leaked due to a misconfigured ElasticSearch server which contained "millions of logs of personal data."

142 Million MGM Resorts Records Leaked on Telegram for Free Download

According to the hacker who published the data on Telegram, there are 142,479,938 (over 142 million) records in the leak dating back to 2017.

Cyberattack on General Motors exposes customer data

US automobile behemoth General Motors (GM) has confirmed that it suffered a credential stuffing attack last month. GM said that it detected malicious login activity between April 11-29 2022, resulting in the exposure of customer information and allowing hackers to redeem gift card reward points.

Cyberattacks / fraud

Conti Ransomware Gang Shutdown, Conti ransomware rebranding 2022

Given the fact that the infamous Conti ransomware gang recently threatened to topple the newly elected Costa Rican government, it may come as a surprise that the ransomware group has just shut down its operations.

Ransomware attack grounds flights at India’s SpiceJet

Indian budget airline SpiceJet on Wednesday attributed delayed flights to a ransomware attack. SpiceJet said the attack was quickly contained and rectified with flights again operating normally. The company later was forced to clarify that its definition of "normally" meant flights delayed by ransomware had a cascading effect on its schedule, so while it whacked the ransomware, passengers could still expect disruptions.

Ransomware demands acts of kindness to get your files back

The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you. And that’s certainly true of the GoodWill ransomware, which security firm CloudSEK described this week.

War in Ukraine: Russia under fire from cyberattacks

For a long time, Russia and its high-level hackers were the bogeyman of cyberspace. But after three months of war in Ukraine, and faced with cyberattacks and data leaks on an unprecedented scale, Russia has gone from attacker to target.

Behind the hacking of pro-Brexit campaigners' e-mails, a group of Russian hackers

A website that published e-mails presented as coming from the hacked accounts of several key figures of the pro-Brexit movement in the United Kingdom is linked to a group of Russian hackers, Google says, based on a technical analysis carried out by its security researchers.

Pro-Russian Hackers Hit Critical Government Websites in Italy

Pro-Russian hackers have targeted the websites of various Italian institutions and government ministries, law enforcement said on Friday. The attack, which began on Thursday evening and was still in progress as of Friday early afternoon, was reportedly confirmed by Italy’s Postal Police.

Russian hackers perform reconnaissance against Austria, Estonia

In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. This discovery comes from cybersecurity firm Sekoia, which built upon previous findings of Google’s TAG, which has been following Russian hackers closely this year.

Microsoft warns of new highly evasive web skimming campaigns

Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in an image file; using this trick, the code is executed when a website's index page is loaded.

Flaws / vulnerabilities

Messages Sent Through Zoom Can Expose People to Cyber-Attack

Zoom, the videoconferencing platform that has become a staple for connection and communication since the onset of COVID-19, has revealed four recent security vulnerabilities. The vulnerabilities could be exploited to compromise users over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and executing malicious code.

Data on ransomware attacks is ‘fragmented and incomplete’, warns Senate report

The government lacks comprehensive data on ransomware attacks and suffers from fragmented reporting, according to a new US Senate committee report. The 51-page report from the Senate Homeland Security and Governmental Affairs Committee calls on the government to swiftly implement new mandates for federal agencies and critical infrastructure organizations to report ransomware attacks and payments to attackers.

The 10-month investigation, which focussed on the role of cryptocurrency in ransomware payments, found that reporting on attacks is "fragmented and incomplete", in part because the FBI and Cybersecurity and Infrastructure Security Agency (CISA) both claim to have the "one stop" website for reporting attacks – respectively, IC3.gov and StopRansomware.gov.

Tesla cars, Bluetooth locks, vulnerable to hackers, researchers say

LONDON, May 17 (Reuters) – Millions of digital locks worldwide, including on Tesla (TSLA.O) cars, can be remotely unlocked by hackers exploiting a vulnerability in Bluetooth technology, a cybersecurity firm said on Tuesday.

Justice / police / regulation

INTERPOL hauls in alleged Nigerian cybercrime ringleader

Written by Tonya Riley, May 25, 2022 | CYBERSCOOP. The cybercrime unit of the Nigeria Police Force alongside INTERPOL arrested a 37-year-old Nigerian man for allegedly running a massive cybercrime operation that used phishing campaigns and business email compromise schemes to scam companies and individual victims. The arrest, announced Wednesday, follows a major global sting last year that resulted in the arrests of more than a dozen suspects allegedly tied to the notorious Nigerian crime ring, dubbed "SilverTerrier" by cybersecurity firm Palo Alto Networks.

Clearview AI fined £7.5m for harvesting data

Clearview AI has been fined by the UK’s Information Commissioner’s Office (ICO) for breaking UK data protection laws. The £7.5m fine is a huge reduction from the £17m the ICO initially planned to fine the web-based intelligence platform in November 2021.

Regulators slam Twitter with $150M fine over using consumer security data for advertising

Written by Tonya Riley, May 26, 2022 | CYBERSCOOP. Twitter on Wednesday agreed to pay a $150 million civil penalty and follow new data privacy practices in order to settle allegations that the company used data collected for account-security purposes for advertising without customer awareness.

Switzerland

After the Army, Swiss police officers' turn to use Threema

Swiss police forces are going to use the Threema messaging app. The Conference of Cantonal Police Commanders awarded a contract to the Swiss solution through a direct-award procedure. Threema will replace a solution from Abraxas.

Mesvaccins.ch users will not see their data again

It is now certain: the data from Mesvaccinations.ch can no longer be recovered. The Federal Data Protection and Information Commissioner (PFPDT) recommended destroying the data. The Bern-Mittelland bankruptcy office, which is winding up the bankrupt foundation behind this vaccination register, accepted this recommendation, according to a PFPDT statement.

Miscellaneous

Democrats press Google to overhaul data location practices to protect abortion-seekers

Written by Tonya Riley, May 24, 2022 | CYBERSCOOP. More than 40 Democrats sent a letter to Google Tuesday calling on the company to overhaul its collection and retention of location data that prosecutors could use to prosecute people obtaining abortions if Roe v. Wade is overturned.

Italy announced its National Cybersecurity Strategy 2022/26

Italy presented its National Cybersecurity Strategy for 2022/26 and reinforced the government's commitment to addressing cyber threats and increasing the resilience of the country to cyber attacks. The strategy is aligned with the commitments undertaken within international organizations of which Italy is a member party.

Verizon Report: Ransomware, Human Error Among Top Security Risks

Ransomware, supply-chain threats and how organizations and their employees are their own worst enemy when it comes to security are some of the key takeaways of Verizon’s annual report on the last 12 months of cyber-attacks.

Watch analyst and cybersecurity specialist