close up shot of keyboard buttons

La veille cyber-sécurité (sem. 26 juin 2022)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

un petit clic pour ma veille

Vol / perte de données

Israeli military personnel spied on via Strava fitness-tracking app

The Strava fitness-tracking app is being used to spy upon members of the Israeli military, tracking their movements at secret bases across the country and potentially even help observe their activities when they travel overseas.

1.5 million customers impacted by Flagstar Bank data breach

Flagstar Bank has disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. As reported by Bleeping Computer, the data breach occurred between December 3 and December 4, 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio.

Indian government’s confidential infosec guidance leaks

India’s government last week issued confidential information security guidelines that calls on the 30 million plus workers it employs to adopt better work practices – and as if to prove a point, the document quickly leaked on a government website. The document, and the measures it contains, suggest infosec could be somewhat loose across India’s government sector.

Cyberattaques / fraudes

Google Warns Spyware Being Deployed Against Android, iOS Users

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls.

Authorities Suspect Cyber Attack Behind False Rocket Sirens in Israel

Authorities in Jerusalem, Israeli were alarmed after prolonged siren alerts on Sunday evening and some believe it is the work of Iranian hackers.

Magecart attacks are still around. And they are becoming more stealthy

Magecart attacks are decreasing in number but are becoming more stealthy, with researchers highlighting potential server-side blindspots in tracking them. It’s not too often you hear about Magecart attacks. In the past few years, cybersecurity incidents that hit the headlines tended to involve attacks on core utilities and critical services, state-sponsored campaigns, ransomware, massive data breaches, and disruption on a broader scale than the issues that Magecart victims today often experience.

Italian spyware firm is hacking into iOS and Android devices, Google says

Google’s Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan. According to a Google blog post on Thursday, RCS Lab uses a combination of tactics, including atypical drive-by downloads, as initial infection vectors.

Conti ransomware hacking spree breaches over 40 orgs in a month

The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. Security researchers codenamed the hacking campaign ARMattack and described it as being one of the group’s « most productive » and « extremely effective. »

Conti ransomware finally shuts down data leak, negotiation sites

The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand. According to threat intel analyst Ido Cohen, Conti’s servers were shut down on Wednesday and BleepingComputer has confirmed they are still offline as of today.

La Russie intensifie ses campagnes de cyber-espionnage contre les alliés de l’Ukraine

Selon un rapport de Microsoft publié le 22 juin 2022, la Russie aurait récemment initié des dizaines de campagnes de cyber-espionnage dans 42 pays qui soutiennent à l’Ukraine. Le rapport indique que ces différentes campagnes visent des pays sur les six continents mais qu’elles se concentrent principalement sur les pays de l’OTAN et leurs alliés proches.

Failles / vulnérabilités

IceFall : 56 failles mettent des systèmes industriels en danger – Le Monde Informatique

Un rapport des chercheurs en sécurité de Forescout a identifié un package de 56 vulnérabilités regroupées sous l’appellation IceFall. Ce dernier vise les équipements industriels utilisés notamment dans des environnements critiques. Les systèmes industriels (OT) sont loin d’être invulnérables aux cyberattaques.

CISA: Hackers are still using Log4Shell to breach networks, so patch your systems

The flaw in the application-logging component Log4j known as « Log4Shell » should have been patched by organisations months ago, but some systems that haven’t been patched with available updates are still being used by hackers to gain access to business networks.

Justice / police / réglementation

Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands | Europol

The action day on 21 June 2022 led to: 9 arrests in the Netherlands 24 house searches in the Netherlands Seizures including firearms, ammunition, jewellery, electronic devices, cash and cryptocurrency The criminal group contacted victims by email, text message and through mobile messaging applications.

Une ancienne ingénieure d’Amazon reconnue coupable du piratage massif de la banque Capital One

Paige Thompson a dérobé les données de 106 millions de clients en 2019. Elle s’était servie des informations recueillies lorsqu’elle était ingénieure chez Amazon Web Services pour commettre son méfait. C’est l’un des plus gros vols de données de l’histoire des Etats-Unis.

Biden signs cyber bills into law

On Tuesday President Biden signed two pieces of legislation into law which were aimed at enhancing the cybersecurity capabilities of federal, state and local governments. The signing was preceded by an earlier law which increased the ability of the federal government to collect data about cyberattacks.

Suisse

Cyberattaque contre l’association des hôpitaux suisses H+

Dans la nuit de dimanche à lundi, l’association des hôpitaux suisses H+ a été la cible d’une cyberattaque. L’organisme explique que tous les serveurs ont d’abord été arrêtés par mesure de sécurité. Ainsi, la communication avec le secrétariat général été fortement limitée avant d’être rétablie lundi en fin de journée.

Le Préposé fédéral suspend la suppression des données de Mesvaccins.ch

Les données de la plateforme Mesvaccins.ch ne seront vraisemblablement pas supprimées. En collaboration avec les autorités sanitaires, le Département de santé et des affaires sociales du canton d’Argovie tente de sauver les données des utilisateurs de la plateforme. Le Préposé fédéral à la protection des données et à la transparence (PFPDT) soutient cette démarche.

Divers

NSO claims ‘more than 5’ EU states used its Pegasus spyware

NSO Group told European lawmakers this week that « under 50 » customers use its notorious Pegasus spyware, though these customers include « more than five » European Union member states. The surveillance-ware maker’s General Counsel Chaim Gelfand refused to answer specific questions about the company’s customers during a European Parliament committee meeting on Thursday.

Panne massive chez Cloudflare – Le Monde Informatique

Plusieurs services Internet ont été impactés par une panne importante touchant Cloudflare. Le spécialiste du CDN a précisé qu’une évolution réseau pour plus de résilience était à l’origine de cette interruption de service. Au cœur de la connectivité de beaucoup de services web, CloudFlare a été victime d’une panne importante de ses infrastructures.

Russia fines Google for spreading ‘unreliable’ info defaming its army

Roskomnadzor, Russia’s telecommunications watchdog, has fined Google 68 million rubles (roughly $1.2 million) for helping spread what it called « unreliable » information on the war in Ukraine and the failure to remove it from its platforms. The Russian telecommunications regulator said Google’s YouTube online video sharing platform « purposefully contributes » to spreading inaccurate info on Russia’s war in Ukraine, thus defaming Russia’s army.

150 millions de dollars pour sécuriser la supply chain logicielle

La Linux Foundation et l’Open Source Software Security Foundation ont récemment dévoilé un plan d’investissement de 150 millions de dollars sur deux ans, dans l’objectif de mieux sécuriser la chaîne d’approvisionnement logicielle. Le plan se décline en trois axes principaux.

Veilleur et spécialiste en cybersécurité