Hardcoding:Redshift Study

Les actus cyber-sécurité | sem 31 Juil 2022

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

un petit clic pour ma veille

Vol / perte de données

Uber reconnait avoir dissimulé un vol massif de données en 2016

Uber admet avoir caché un vol de données concernant 57 millions de clients et de chauffeurs en 2016. L’entreprise de VTC, qui avait révélé ce vol de données en 2017 sous l’impulsion de son nouveau CEO, l’a reconnu dans le cadre d’un accord avec le procureur passé le vendredi 22 juillet 2022.

22 million US health records breached thus far in 2022

A new report from GlobalData estimates that up to 22 million US health records have been breached so far in 2022. The same report forecasts that spending on cybersecurity in the global healthcare industry will increase by nearly $400 million in the next 3 years.

Cloud Act : le Royaume-Uni et les États-Unis vont partager les données de leurs citoyens

À partir du 3 octobre 2022, les autorités du Royaume-Uni et des États-Unis pourront échanger les données personnelles de leurs citoyens. Un accord conjoint baptisé Cloud Act, qui va officiellement permettre aux deux nations de  » lutter contre les crimes graves, notamment le terrorisme, la maltraitance des enfants et la cybercriminalité « .

Cyberattaques / fraudes

Lockbit Ransomware Gang Have Claimed Responsibility For Recent Public Attacks

Reportedly, the Lockbit ransomware gang has claimed the recent attacks on the Italian tax agency and the Canadian town of St Marys. On Friday, the local administration at St Marys explained in an update that the attack occurred last Wednesday, locking an internal server and encrypting data on it.

The Lockbit ransomware gang has claimed responsibility for the recent attacks on the Italian tax agency and Canadian town of St Marys.

Microsoft débusque une société à l’origine du malware Subzero – Le Monde Informatique

Les équipes de chercheurs en sécurité de Microsoft ont détaillé le mode opératoire et le modèle économique utilisé par une société autrichienne à l’origine du malware Subzero. Plusieurs failles zero day Windows ont été exploitées dont la CVE-2022-22047 récemment patchée. Subzero n’est pas seulement le combattant ninja du jeu-vidéo Mortal Kombat.

Akamai blocked largest DDoS in Europe against one of its customers

The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. The target, a customer of cybersecurity and cloud service company Akamai, has been under constant assault, facing dozens of DDoS rounds over the past 30 days.

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

North Korean hackers have been spotted using malicious browser extensions for Chromium-based web browsers to steal email content.

ENISA provides data related to major telecom security incidents in 2021

ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to ENISA at the start of every calendar year.

Failles / vulnérabilités

0-days sold by Austrian firm used to hack Windows users, Microsoft says

Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America. Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for « automated exfiltration of sensitive/private data » and « tailored access operations [including] identification, tracking and infiltration of threats. »

Les hackers mettent en général 15 minutes pour exploiter une faille qui vient d’être dévoilée

Les hackers dégainent vraiment plus vite que leur ombre. A partir du moment où une faille est officialisée, il faut en généralement pas plus d’un quart d’heure pour relever les premiers scans, qui permettront ensuite d’éventuellement monter une attaque. Pas une heure, pas 30 minutes, non, 15 minutes.

911 Proxy Service Implodes After Disclosing Breach

911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations.

Justice / police / réglementation

Hit by ransomware? No More Ransom now offers 136 free tools to rescue your files | Europol

Six years of public-private partnership Celebrating its sixth anniversary today, No More Ransom provides keys to unlocking encrypted files as well as information on how to avoid getting infected in the first place. Launched by Europol, the Dutch National Police (Politie) and IT security companies, the No More Ransom portal initially offered four tools for unlocking different types of ransomware…

CISA, Ukrainian cyber agency deepen partnership to combat Russian threat

Written by Suzanne Smalley Jul 29, 2022 | CYBERSCOOP Ukraine’s state cybersecurity agency announced details of an expanded partnership with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Friday, revealing that the agencies will begin joint training exercises and enhance how they exchange technical information.

radioactivity alert network (RAR)

The Spanish police have arrested two men suspected to be the hackers behind cyberattacks that hit the country’s radioactivity alert network (RAR) between March and June 2021. The RAR system is a mesh of gamma radiation detection sensors, deployed across the country in order to detect anomalous radiation levels and take protective measures to prevent damage to the environment and the population.

Russian national charged in sweeping influence operation to disrupt U.S. elections, sow discord

Written by Suzanne Smalley Jul 29, 2022 | CYBERSCOOP A federal grand jury indicted a Russian national on charges of attempting to disrupt U.S. elections beginning as early as 2014, spreading disinformation to further Moscow’s political aims and infiltrating various American political organizations to carry out his plans.

T-Mobile to cough up $500 million over 2021 data breach

Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have been offered « T-Mobile USA.

Suisse

Le piratage d’une société de cybersécurité touche des institutions de Genève et Vaud

Un nouveau piratage secoue les cantons de Vaud et de Genève: une société genevoise spécialisée dans la cybersécurité a été victime dimanche d’une attaque informatique. Près de 65’000 documents confidentiels sont apparus sur le darkweb, révèle Le Temps. L’entreprise informatique comptait plus de 200 clients romands.

Genève: Informaticien condamné pour des vols de données bancaires

GenèveInformaticien condamné pour des vols de données bancaires Un collaborateur de BNP Paribas a écopé de 150 jours-amende avec sursis pour avoir transféré des informations confidentielles. Il s’est défendu d’avoir voulu les vendre. La justice ne l’a pas cru. Sa faute? « Soustraction de données ». Sa peine?

Divers

NIST’s Expanding International Engagement on Cybersecurity

In providing a foundation for cybersecurity advancements over the years, NIST has taken the global context into account when determining priorities and approaches. Our participation in Standards Developing Organizations (SDOs) has expanded steadily, and we encourage international participation in the development of our own programs and resources.

Google retarde une nouvelle fois la fin des cookies tiers

Technologie : Chrome continuera d’avoir recours aux cookies tiers jusqu’à la seconde moitié de 2024. Google retarde une nouvelle fois l’élimination progressive des cookies tiers dans Chrome. Le navigateur prendra désormais entièrement en charge la technologie de pistage des internautes jusqu’à la seconde moitié de 2024, indiquait le géant américain mercredi.

These ransomware hackers gave up when they hit multi-factor authentication

A ransomware attack was prevented just because the intended victim was using multi-factor authentication (MFA) and the attackers decided it wasn’t worth the effort to attempt to bypass it.

Veilleur et spécialiste en cybersécurité

Comments are closed.