
Cyber-security watch (week of 5 June 2022)

Here is this week's watch report, rounding up the most interesting news items. Some of them will be developed in upcoming articles. Enjoy the read, and thanks for the coffee 😉


Data theft / loss

5 million Adecco.com users’ data leaked

We recently discovered that a user on a popular hacking forum was purportedly selling stolen Adecco Group credentials belonging to users in six South American countries. The Swiss-based Adecco Group is the second largest human resources and temp staffing provider in the world, and a Fortune Global 500 company.

Australian National Disability Insurance Scheme provider breached and treating its database as compromised

CTARS, the makers of a cloud-based client management system used by the Australian National Disability Insurance Scheme (NDIS) as well as disability services, out of home care, and children’s services, has revealed it was breached on May 15 and found the data posted to the dark web a week later.

Turkish airline suffers 6.5TB data leak

A budget Turkish airline has misconfigured an AWS bucket, resulting in the exposure of flight and source code data, alongside the personal information of crew members. A research team in the employ of SafetyDetectives discovered the cloud data trove was publicly available on February 28.
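The article says only that the bucket was "misconfigured" and gives no detail of the setting involved. The following is an added example, not from the article or from SafetyDetectives, showing the most common shape of that mistake, a bucket policy that grants `Principal "*"` read access, beside a hardened policy scoped to one IAM role, and a small checker that classifies each Allow statement. The bucket name, account ID and role name are placeholders.

```python
import json

# Constructed bucket policies for illustration; the bucket name, account id and
# role name are placeholders, not anything from the incident described above.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",                     # anyone on the internet, unauthenticated
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-airline-data",
                     "arn:aws:s3:::example-airline-data/*"]
    }]
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CrewAppRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/CrewAppReader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-airline-data/*"
        },
        {
            # Deny on "*" is fine: it narrows access rather than widening it.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-airline-data",
                         "arn:aws:s3:::example-airline-data/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}
        }
    ]
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _grants_everyone(principal) -> bool:
    """AWS treats Principal "*" and {"AWS": "*"} as anonymous / any account."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def audit_bucket_policy(policy_json: str) -> dict:
    """Classify each Allow statement of a bucket policy.

    Returns {"public": [sids], "conditional": [sids]}: "public" statements grant
    to everyone with no Condition at all; "conditional" ones grant to everyone
    but are limited by some Condition (aws:SourceVpce, aws:SourceIp, ...) that a
    human still has to judge.
    """
    policy = json.loads(policy_json)
    result = {"public": [], "conditional": []}
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if not _grants_everyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        result["conditional" if stmt.get("Condition") else "public"].append(sid)
    return result


def is_public(policy_json: str) -> bool:
    """True when at least one statement grants unconditioned access to everyone."""
    return bool(audit_bucket_policy(policy_json)["public"])


if __name__ == "__main__":
    print("weak:    ", audit_bucket_policy(WEAK_POLICY))
    print("hardened:", audit_bucket_policy(HARDENED_POLICY))
```

The checker only reads the bucket policy. Object and bucket ACLs are a separate path to the same exposure, and the control that actually prevents a policy like `WEAK_POLICY` from being attached in the first place is S3 Block Public Access (the `BlockPublicPolicy` and `RestrictPublicBuckets` settings) turned on at the account level.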

Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data

Anonymous has struck Russia again by leaking 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law).

Why a CEO shared the list of 570 laid-off employees on the internet

Sebastian Siemiatkowski, the CEO of Klarna, surprised everyone. On Tuesday he shared on his public social networks the list of employees recently laid off by the Swedish fintech, Les Echos reports. They are part of the wave of layoffs announced last week by the world leader in instalment payments.

3.2 million Canadians' records for sale on a black market

Cyberattacks / fraud

Conti chats confirm the gang's ability to conduct firmware-based attacks

The analysis of the Conti group's chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. An attack against firmware could give threat actors significant power: such attacks are hard to detect, can be very destructive, and can be used to achieve long-term strategic goals.

Costa Rica declares a state of emergency against ransomware – Le Monde Informatique

Costa Rica failed to implement the cyber-security strategy it had defined five years ago. Today that failure can serve as a lesson, not only for other Latin American nations but for the whole world.

Cybercrime: UN chief targeted by a cyberattack

According to a letter from the Organization's secretariat, António Guterres has been the victim of a cyberattack. In the letter, sent this week, the UN secretariat warned the Organization's 193 member states against messages purportedly sent by its chief, António Guterres, to their representatives as part of the attack.

Iranian hackers planned attack on Boston Children’s Hospital last summer, FBI director says

Written by Tonya Riley, Jun 1, 2022 | CYBERSCOOP. The FBI managed to detect and mitigate an attack by Iranian state-sponsored hackers against Boston Children's Hospital last summer, FBI Director Christopher Wray revealed on Wednesday.

Twice as Many Healthcare Organizations Now Pay Ransom

Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos. The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31 countries.

Italy warns organizations to brace for incoming DDoS attacks

Italy's Computer Security Incident Response Team (CSIRT) issued an urgent alert on Monday to raise awareness of the high risk of cyberattacks against national entities. The type of attack the Italian organization refers to is DDoS (distributed denial of service), which may not be catastrophic but can still cause damage, financial or otherwise, through service outages and disruptions.

Conti ransomware targeted Intel firmware for stealthy attacks

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. According to messages exchanged between members of the cybercrime syndicate, Conti developers had created proof-of-concept (PoC) code that leveraged Intel’s Management Engine (ME) to overwrite flash and gain SMM (System Management Mode) execution.

Flaws / vulnerabilities

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports. UPDATE: A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw in the remote Word template feature. The warning comes from Japanese security vendor Nao Sec, which tweeted about the zero day over the weekend.
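The remote template feature the article refers to is an ordinary Office Open XML relationship: a `.rels` part under `word/_rels/` that points at a template or OLE object with `TargetMode="External"`. The code below is an added example, not from the article or from nao_sec, that unzips a document in memory and flags external template/OLE relationships whose target is a remote URL. It covers only the "document points at a remote server" stage the text describes, not whatever the fetched content does afterwards. The sample document is constructed inline and the `attacker.example` host is a placeholder.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Real OOXML namespace and relationship-type URIs (not invented for this example).
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REMOTE_LOADING_TYPES = {
    OFFICE_REL + "attachedTemplate": "attachedTemplate",  # the "remote template" feature
    OFFICE_REL + "oleObject": "oleObject",                # linked OLE object
}
REMOTE_SCHEMES = {"http", "https", "ftp", "mhtml"}


def external_relationships(docx_bytes: bytes):
    """List every TargetMode="External" relationship under word/_rels/.

    Returns (rels_part, kind, target) tuples; kind is "attachedTemplate",
    "oleObject" or "other".
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not (part.startswith("word/_rels/") and part.endswith(".rels")):
                continue
            root = ET.fromstring(zf.read(part))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                kind = REMOTE_LOADING_TYPES.get(rel.get("Type", ""), "other")
                found.append((part, kind, rel.get("Target", "")))
    return found


def is_remote_target(target: str) -> bool:
    """True when the target leaves the local machine: an http(s)/ftp URL, an
    mhtml: wrapper, a file:// URL with a host, or a \\\\server UNC path."""
    if target.startswith("\\\\"):
        return True
    parsed = urlparse(target)
    scheme = parsed.scheme.lower()
    return scheme in REMOTE_SCHEMES or (scheme == "file" and bool(parsed.netloc))


def scan_docx(docx_bytes: bytes):
    """Findings worth triage: external template/OLE relationships with a remote target."""
    return [
        f for f in external_relationships(docx_bytes)
        if f[1] != "other" and is_remote_target(f[2])
    ]


def build_sample_docx(template_target: str) -> bytes:
    """Constructed test input: a minimal docx-shaped zip whose settings.xml.rels
    attaches a template at `template_target`. Not a real malicious sample."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{RELS_NS}">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}attachedTemplate" '
        f'Target={quoteattr(template_target)} TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{OFFICE_REL}styles" Target="styles.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for target in ("https://attacker.example/template.dotm!",
                   "file:///C:/Users/me/Templates/Normal.dotm"):
        print(target, "->", scan_docx(build_sample_docx(target)))
```

A local `file:///C:/...` template is the normal, benign case and is not reported; anything that resolves to another host is. Run it over a mail gateway's quarantine rather than on a user's machine: the check needs only the zip container, never Word itself.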

International Authorities Take Down Flubot Malware Network

The info-stealing trojan used SMS messages and harvested contact lists to spread with unprecedented speed across Android devices globally since December 2020. International law enforcement has now taken down the infrastructure behind Flubot.

Atlassian announces 0-day hole in Confluence Server – update soon!

Software development and collaboration toolkit behemoth Atlassian is warning of a dangerous zero-day in its collaboration software. There's no alert about the bug visible on the company's main web page, which features the company's best-known tools JIRA (an IT ticketing system) and Trello (a discussion board), but you'll find Confluence Security Advisory 2022-06-02 on the Confluence sub-site.

Justice / police / regulation

Takedown of SMS-based FluBot spyware infecting Android phones | Europol

This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3). The investigation is ongoing to identify the individuals behind this global malware campaign.

FBI seizes domains tied to stolen records, DDoS services

Written by Tonya Riley Jun 1, 2022 | CYBERSCOOP The FBI and Justice Department said Tuesday they had seized the domain of a search engine service that claimed to offer users the ability to scour billions of records of personal data from more than 10,000 data breaches, effectively shutting down the criminal operation.

Personal data: Twitter hit with a $150 million penalty

Twitter has agreed to pay a $150 million penalty for using, for advertising purposes, personal data that its users had provided for two-factor authentication.

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Interpol arrested three Nigerian men in Lagos as part of an international operation codenamed Killer Bee. The three are suspected of using the Agent Tesla RAT to reroute financial transactions and steal confidential details from corporate organizations. The suspects, aged between 31 and 38, were found in possession of fake documents, including fraudulent invoices and forged official letters.

Switzerland

Novartis says no sensitive data was compromised in cyberattack

Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Industrial Spy is a hacking group that runs an extortion marketplace where it sells data stolen from compromised organizations. Yesterday, the group began selling data allegedly stolen from Novartis on its Tor extortion marketplace for $500,000 in bitcoin.

Miscellaneous

Cyber alliance between the USA, Japan, India and Australia

During his first official trip to Asia, US President Joe Biden met in Tokyo with newly elected Australian Prime Minister Anthony Albanese, Indian Prime Minister Narendra Modi and Japanese Prime Minister Fumio Kishida. In a joint statement, the four leaders announced the creation of a cyber-security partnership.

Singapore ups investment in quantum computing to stay ahead of security threats

Singapore is aiming to boost its capabilities in quantum computing with new initiatives to develop relevant skillsets and quantum devices. It stresses the need to do so to ensure encryption technologies remain robust and able to withstand "brute force" attacks.

Internet Crime Complaint Center (IC3) | The FBI Warns of Scammers Soliciting Donations Related to the Crisis in Ukraine

The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine. Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations.

OVHcloud: 140 customers seek compensation after the fire

Around 140 OVHcloud customers are seeking compensation from the French cloud provider after the 2021 fire at its Strasbourg data centre, in proceedings coordinated by a Paris lawyer. The lawyer, Jocelyn Ziegler, said that about 80 individual formal demand letters had already been sent and that the rest would follow in the coming days.

Biometric mobile payments set to exceed $1 trillion

Remote mobile payments authenticated by biometrics are predicted to reach $1.2 trillion by 2027, according to a new study. In its paper Mobile Payment Biometrics: Key Opportunities, Regional Analysis & Market Forecasts 2022-2027, Juniper Research has predicted a 365% rise in the value of biometric payments over the next five years.

Chinese state media propaganda found in 88% of Google, Bing news searches

Written by Suzanne Smalley May 31, 2022 | CYBERSCOOP A think tank study says Chinese state media have proven very effective at influencing search engine results for users seeking information on Xinjiang, a region of China where the Uyghur ethnic minority has been subjected to what the State Department calls genocide.

Cyber-security watcher and specialist
