Cyber-security watch (week of 17 July 2022)

Here is this week's watch report, rounding up the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉


Data theft / loss

1.9 Million Healthcare Records Breached in Ransomware Attack

US debt collector Professional Finance Company (PFC) has reported a data breach affecting 1.9 million individuals across over 650 different healthcare providers. The Colorado-based company, which chases outstanding debts for healthcare companies, said that an unauthorized intruder accessed personal data including names, addresses, amount owing, and information regarding payments made to accounts.

Transplant Donor and Recipient Data Exposed by Healthcare Provider

The Virginia Commonwealth University Health System (VCU) has warned almost 4500 transplant participants about a privacy breach affecting the healthcare information. The company warned that some transplant recipients’ medical records included information about their donor too. Some recipient information also appeared on donors’ records too. In some cases, this information has been exposed since 2006.

Cyberattacks / fraud

Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft has linked an emerging ransomware threat, which first appeared in June 2021 and has already compromised a number of small-to-mid-sized businesses, to financially motivated North Korean state-sponsored actors tracked as DEV-0530, who have been active since last year.

Journalists Emerge as Favored Attack Target for APTs

Targeted phishing attacks are traced to multiple threat actors who have each independently focused on stealing credentials and sensitive data and tracking the geolocation of journalists. In a Thursday report by Proofpoint, researchers outline individual efforts by advanced persistent threat (APT) groups who they say are aligned with China, North Korea, Iran and Turkey.

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

One of Axie Infinity’s former employees was reportedly tricked into accepting a fraudulent job offer on LinkedIn, leading to the $540 million hack.

Disneyland Social Media Hacked

Last Thursday, Disneyland had its Facebook and Instagram accounts taken over by a self-proclaimed « super hacker » who published racist and homophobic posts. The threat actor, operating under the name « David Do », claimed that he was seeking « revenge » on Disneyland employees after some of them had allegedly insulted him.

French Telecoms Firm Hit by Ransomware Attack

French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s management and administrative systems on 4th July. The attack is believed to have been carried out by the LockBit ransomware group.

Lithuanian Energy Firm Disrupted by DDOS Attack

Lithuanian energy company Ignitis Group was hit by what it described as its « biggest cyber-attack in a decade » on Saturday when numerous distributed denial of service (DDoS) attacks were aimed at it, disrupting its digital services and websites.

Flaws / vulnerabilities

Hackers Say They Can Unlock and Start Honda Cars Remotely

The key fobs of several Honda models have a flaw that could allow hackers to unlock and start the cars.

10,000 companies hit by phishing that bypasses Office 365 MFA – Le Monde Informatique

The phishing web pages used in a recent malicious attack campaign act as a proxy, pulling content from the legitimate Office 365 login page. The result is heavy damage for the targets that are reached.

A New Attack Can Unmask Anonymous Users on Any Major Browser

How this de-anonymization attack works is difficult to explain but relatively easy to grasp once you have the gist.

New Android malware on Google Play installed 3 million times

A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. The malware, named ‘Autolycos,’ was discovered by Evina’s security researcher Maxime Ingrao to be in at least eight Android applications, two of which are still available on the Google Play Store at the time of this writing.

Justice / police / regulation

Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks

Joshua Schulte, a former CIA programmer, has been found guilty by a jury in a Manhattan, NY court for stealing the trove of classified data on US cyber espionage that was exposed in the Vault 7 Wikileaks data dump, a leak that revealed invasive US cyber intelligence tactics.

Switzerland

Cyber fraud alert: e-mails sent in the name of the National Cyber Security Centre

Malicious individuals are currently sending fraudulent e-mails in the name of the National Cyber Security Centre (NCSC). The cybercriminals use the domain name « ncscs.ch », which is close to the authentic domain « ncsc.ch ». The perpetrators' intentions are unknown for the moment, according to an NCSC announcement. The e-mails contain neither malicious links nor attachments.
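The defensive takeaway from this alert is a lookalike-domain check on the sender side: compare the domain of each incoming sender against a list of domains you trust and flag those that are one or two edits away, or that embed the trusted name inside an unrelated domain. The Python below is an added example written for this report, not code from the NCSC or from the original post; the trusted-domain list, the sample addresses and the distance threshold of 2 are constructed assumptions for illustration.

```python
from typing import Optional

# Constructed trusted-domain list for this example (assumption: the defender
# maintains such a list for the organisations it expects mail from).
TRUSTED_DOMAINS = ("ncsc.ch",)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert / delete / substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Domain part of an e-mail address, normalised (lowercase, no trailing dot)."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def lookalike_of(address: str, trusted=TRUSTED_DOMAINS,
                 max_distance: int = 2) -> Optional[str]:
    """Return the trusted domain this sender imitates, or None if it is not suspicious."""
    domain = sender_domain(address)
    # The real domain, or one of its own subdomains, is legitimate.
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return None
    for t in trusted:
        # Close spelling, e.g. ncscs.ch against ncsc.ch (distance 1).
        if levenshtein(domain, t) <= max_distance:
            return t
        # Trusted name used as a label sequence inside an unrelated domain.
        if ("." + t + ".") in ("." + domain + "."):
            return t
    return None


def scan_senders(addresses):
    """Return [(address, imitated_trusted_domain)] for every suspicious sender."""
    hits = []
    for addr in addresses:
        t = lookalike_of(addr)
        if t is not None:
            hits.append((addr, t))
    return hits


# Constructed sample senders for the demonstration (not real messages).
SAMPLE_SENDERS = [
    "alert@ncscs.ch",
    "info@ncsc.ch",
    "noreply@mail.ncsc.ch",
    "support@ncsc.ch.example-login.com",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for addr, t in scan_senders(SAMPLE_SENDERS):
        print(f"SUSPICIOUS {addr!r} resembles trusted domain {t!r}")
```

A threshold of 2 is deliberately strict for short domains: two edits can turn one legitimate brand into another (a different country-code TLD, for instance), so treat a hit as a review trigger rather than an automatic block, and keep the exact-match and subdomain exemptions so genuine mail from the trusted organisation is never flagged.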

Miscellaneous

How Ukraine quickly migrated 10 petabytes of data to AWS

Within a few weeks, Amazon Web Services (AWS) teams helped the Ukrainian government and the country's companies migrate their data to the cloud, so as to ensure business continuity should national data centres be destroyed in the course of the war with Russia.

IBM joins other tech giants and removes Russian state controlled network from its cloud service

Written by AJ Vicens, Jul 12, 2022 | CYBERSCOOP

Until the Russian invasion of Ukraine, the state-sponsored RT television network was one of Moscow's main tools for spreading propaganda beyond its borders. But after the war started, most global tech companies either cut off RT's programs from their streaming platforms or took steps to severely limit the network's reach over the internet.

Cyber-security watcher and specialist