
Cybersecurity news | 21 August 2022

Here is this week's monitoring report, covering the most interesting news items. Some of them will be explored further in upcoming articles. Happy reading, and thanks for the coffee 😉


Data theft / loss

MailChimp breach exposes email addresses and Callback phishing – CyberTalk

EXECUTIVE SUMMARY: The giant known as DigitalOcean says that a recent MailChimp security breach exposed the email addresses of customers. A small portion of customers received unauthorized password resets. DigitalOcean first learned of the breach after MailChimp disabled its account without warning last week.

Secret French army documents allegedly leaked on a video game forum

The documents in question were reportedly posted in three threads, since deleted, meant to help the developers improve the design of the vehicles featured in War Thunder. As the Washington Post reports, classified documents showing tanks of British, French and Chinese design have leaked this way.

Update: the CFF took three years to plug the data leak

An IT expert identified a vulnerability on a CFF platform. He was able to access the data of some 500,000 Swisspass customers. It has now emerged that the railways had known about the security flaw since 2018.

Cyberattacks / fraud

U.K. Water Supplier Hit with Clop Ransomware Attack

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected.

Hackers Attack UK Water Supplier, Apparently Send Ransom Demand to the Wrong Company

Hackers infiltrated the corporate side of a utility that supplies water to about 1.3 million people in the United Kingdom. However, the apparent data breach may not have been the one the cyber-criminals were aiming for.

LockBit claims ransomware attack on security giant Entrust

The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022.

APT Lazarus Targets Engineers with macOS Malware

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple Silicon and Intel-based systems. North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempts to spread macOS malware.

China-linked RedAlpha behind multi-year credential theft campaign

Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked as RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of China.

North Korea-linked APT targets job seekers with macOS malware

ESET researchers continue to monitor a cyberespionage campaign, tracked as "Operation In(ter)ception", that has been active since at least June 2020. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents. In a series of tweets detailing the recent attacks, ESET reported spotting a signed Mac executable disguised as a job description for Coinbase.

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker group Killnet claimed responsibility for the attacks.

Flaws / vulnerabilities

Apple patches double zero-day in browser and kernel – update now!

Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Xiaomi Phones Found Vulnerable to Payment Forgery

Smartphone maker Xiaomi, the world's number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its "trusted environment" used to store payment data that opened some of its handsets to attack.

Two years on, Apple iOS VPNs still leak IP addresses

Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonVPN reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic.

The Pentagon may require vendors certify their software is free of known flaws. Experts are split.

Written by Suzanne Smalley, Aug 19, 2022 | CYBERSCOOP

Should the Pentagon require that vendors only sell the military software that's free of known vulnerabilities or defects that could cause security problems? On the surface, it seems like a reasonable request.

Justice / police / regulation

Developer with suspected ties to Tornado Cash nabbed in NL

Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.

Switzerland

The federal administration is testing video identification

Anyone wishing to log in to an internal application of the federal administration must first have their identity confirmed. To do so, users must appear in person at a federal administration site or at a Swiss representation abroad.

The Federal Administrative Court will have to rule on the Confederation's public cloud project

The Confederation's plan to sign contracts with five foreign cloud providers is once again before the courts. While Google had already complained last year, this time it is a citizen who has turned to the Federal Administrative Court and then to the Federal Supreme Court, reports the German-language outlet Republik, citing a Federal Supreme Court ruling of 28 July 2022.

Regtech Analyst: Zurich Cantonal Bank teams up with NetGuardians for payment fraud

A report by FinTech Futures revealed that Zurich Cantonal Bank said that not only is payment fraud becoming "more prevalent" but attacks are also becoming "more sophisticated", making them harder to spot. NetGuardians uses behavioural analytics, artificial intelligence (AI) and machine learning (ML) to build "highly accurate" customer profiles.

Swiss Post relaunches e-voting bug bounty program

Jessica Haworth, 17 August 2022 at 14:28 UTC

Ethical hackers invited to stress test election infrastructure

Switzerland's federal postal service is inviting ethical hackers to test its electronic voting (e-voting) system for vulnerabilities in the latest installment of its bug bounty program.

Miscellaneous

Google: Here’s how we blocked the largest web DDoS attack ever

Google Cloud has revealed it blocked the largest distributed denial-of-service (DDoS) attack on record, which peaked at 46 million requests per second (rps). The June 1 attack targeted one Google Cloud customer using the Google Cloud Armor DDoS protection service.

Spyware at the heart of a political scandal in Greece

Greek political life has been shaken by a cyberespionage affair. The Predator software, developed by the company Cytrox, was detected on the phones of two journalists and of one of the opposition leaders, Nikos Androulakis. This spyware gives access to the messages stored on a phone and to its web history, and collects passwords.

Threat-intelligence watcher and cybersecurity specialist
