
Cybersecurity news | week of 14 August 2022

Here is this week's watch report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Enjoy the read, and thanks for the coffee 😉


Data theft / loss

Twitter Confirms Data Breach as 5.4M Accounts Sold on Hacker Forum

Twitter was forced to investigate the incident when a hacker offered the personal data of 5.4 million users on a hacker forum for $30,000 last month.

Twilio discloses data breach that impacted customers & employees

Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack. Twilio is an American firm that provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communication functions using its web service APIs.

Hackers behind Twilio breach also targeted Cloudflare employees

The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees and their family members received text messages on their personal and work phones. According to the company, the attack is very similar to the one that recently targeted the communications company Twilio.

Slack Resets Passwords After Hashes Exposed When Invitations Shared

Slack has notified roughly 0.5% of its users that it reset their passwords after fixing a bug that exposed salted password hashes when creating or revoking shared invitation links for workspaces. Reported by BleepingComputer, Slack said « when a user performed either of these actions, Slack transmitted a hashed version of their password (not plaintext) to other workspace members. »

Cyberattacks / fraud

Automotive supplier breached by 3 ransomware gangs in 2 weeks

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection.

Ransomware attack blamed for closure of all 7-Eleven stores in Denmark

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack.

Cisco Confirms Network Breach Via Hacked Employee Google Account

Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account. Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account. The networking giant is calling the attack a « potential compromise » in a Wednesday post by the company’s own Cisco Talos threat research arm.

North Korea Allegedly Stole Millions of Dollars Worth of Crypto Assets

According to a confidential United Nations (UN) report seen by Reuters on Thursday, North Korea stole hundreds of millions of dollars worth of crypto assets in at least one major hack.

Recovery From NHS Attack Could Take Weeks

Last week, Advanced, a key NHS IT partner was hit by a ransomware attack. The IT company has said that it could take three to four weeks for systems to resume normal service. Advanced runs several key systems within the health service. One of its most important clients is the NHS 111 service.

NHS 111 services provider MSP Advanced confirms ransomware

Advanced, the MSP forced to shut down some of its servers last week after identifying an « issue » with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.

North Korean hackers target crypto experts with fake Coinbase job offers

A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack.

Flaws / vulnerabilities

Starlink Successfully Hacked Using $25 Modchip

Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX's satellite-based internet system. He successfully hacked the SpaceX-operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop.

It took five years to patch this zero-day flaw in the Linux kernel

Google security researchers came across a vulnerability that had already been reported in 2016 without being fixed. A few years later, it turned up in the arsenal of a spyware vendor used to hack Android smartphones.

According to CISA, the Log4Shell flaw will persist for a long time – Le Monde Informatique

An investigation by CISA not only provides indicators of compromise, but also highlights the reasons why the Log4Shell vulnerability will persist indefinitely. The US Cybersecurity and Infrastructure Security Agency (CISA) investigated attacks exploiting the Log4Shell vulnerability in third-party products such as VMware Horizon and Unified Access Gateway (UAG).

Making Linux Kernel Exploit Cooking Harder

The Linux kernel is a key component for the security of the Internet. Google uses Linux in almost everything, from the computers our employees use, to the products people around the world use daily like Chromebooks, Android on phones, cars, and TVs, and workloads on Google Cloud.

Justice / law enforcement / regulation

Former Twitter Employee Found Guilty of Spying for Saudi Arabia

A former Twitter employee has been convicted of spying on the private information of Twitter users for Saudi Arabia.

The US offers a $10M reward for info on the Conti ransomware gang's members

The U.S. State Department announced a $10 million reward for information on five prominent members of the Conti ransomware gang. The government will also reward people who provide details about Conti and its affiliated groups TrickBot and Wizard Spider. The reward is covered by the Rewards for Justice program operated by the U.S.

FBI, CISA warn over ransomware gang that can make million dollar demands

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released details of the tactics of a ransomware group called Zeppelin which has been targeting large organizations in the US and Europe with huge ransom demands. Zeppelin emerged in late 2019 as a ransomware-as-a-service double-extortion operation and was previously called VegaLocker ransomware.

Ex Twitter employee found guilty of spying for Saudi Arabia

A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. « Ahmad Abouammo, a US resident born in Egypt, was found guilty by a jury Tuesday of charges including acting as an agent for Saudi Arabia, money laundering, conspiracy to commit wire fraud and falsifying records, following a two-week trial in San Francisco federal court. »

Cybercrime: a French national held in Morocco is wanted by the United States

The 21-year-old man is being held in Morocco and faces 116 years in prison if convicted in the United States. He is the subject of extradition proceedings from Morocco to the United States.

Switzerland

The Swiss Confederation turns to "ethical hackers" to prevent cyberattacks

Following a successful pilot project, the Confederation intends in future to prevent cyberattacks on its IT systems not only through security testing, but also with the help of ethical hackers. The first programmes are expected to launch this year.

Miscellaneous

China could be reviewing security bugs before tech companies issue patches, DHS official says

Written by Suzanne Smalley, Aug 10, 2022 | CYBERSCOOP. The Chinese government appears to use its software vulnerability disclosure rules to preview dangerous zero-day flaws before tech companies can deploy fixes, a top Department of Homeland Security official said Wednesday.

Russia Is Escalating, Diversifying Hacking of Ukraine, Research Says

As the Russian invasion of Ukraine reaches its sixth month, Russian hackers are escalating and diversifying their attacks on the country and its citizenry, sending mass texts to Ukrainian civilians threatening their lives if they don’t retreat from their homes, attempting to breach the country’s banks, and even crippling some of their basic utilities.

Ukraine’s cyber chief comes to Black Hat in surprise visit

Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.

Cybersecurity watcher and specialist
