Cybersécurité Pour décoder l'actualité sur la cybersécurité , le cybercrime et les cyberattaques
Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
MailChimp breach exposes email addresses and Callback phishing – CyberTalk
EXECUTIVE SUMMARY: The giant known as DigitalOcean says that a recent MailChimp security breach exposed the email addresses of customers. A small portion of customers received unauthorized password resets. DigitalOcean first learned of the breach after MailChimp disabled its account without warning last week.
Des documents secrets de l’armée française auraient fuité sur un forum JV
Les documents concernés auraient été mis en ligne dans trois posts – depuis supprimés – censés aider les développeurs a améliorer le design des véhicules qui apparaissent dans War Thunder. Comme le rapporte le Washington Post ont ainsi fuité des documents classifiés montrant des chars d’assaut de conceptio britannique, française et chinoise.
Cyberattaques / fraudes
U.K. Water Supplier Hit with Clop Ransomware Attack
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected.
Hackers Attack UK Water Supplier, Apparently Send Ransom Demand to the Wrong Company
Hackers infiltrated the corporate-side of a utility that supplies water to about 1.3 million people in the United Kingdom. However, the apparent data breach may not have been the one the cyber-criminals were aiming for.
LockBit claims ransomware attack on security giant Entrust, leaks data
August 21th, 2022 update below. This post was originally published on August 18th. The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022.
APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems. North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware.
China-linked RedAlpha behind multi-year credential theft campaign
Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of China.
North Korea-linked APT targets job seekers with macOS malware
ESET researchers continue to monitor a cyberespionage campaign, tracked as « Operation In(ter)ception, » that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents. ESET published a series of tweets detailing the recent attacks, the experts spotted a signed Mac executable disguised as a job description for Coinbase.
Estonia blocked cyberattacks claimed by Pro-Russia Killnet group
Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker group Killnet claimed responsibility for the attacks.
Failles / vulnérabilités
Apple patches double zero-day in browser and kernel – update now!
Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Xiaomi Phones Found Vulnerable to Payment Forgery
Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its « trusted environment » used to store payment data that opened some of its handsets to attack.
Two years on, Apple iOS VPNs still leak IP addresses
Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonVPN reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic.
The Pentagon may require vendors certify their software is free of known flaws. Experts are split.
Should the Pentagon require that vendors only sell the military software that’s free of known vulnerabilities or defects that could cause security problems? On the surface, it seems like a reasonable request.
Justice / police / réglementation
Developer with suspected ties to Tornado Cash nabbed in NL
Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.
Suisse
L’administration fédérale teste l’identification vidéo
Toute personne souhaitant se connecter à une application interne de l’administration fédérale doit d’abord faire confirmer son identité. Pour ce faire, les utilisateurs doivent se présenter en personne sur un site de l’administration fédérale ou dans une représentation suisse à l’étranger.
Le Tribunal administratif fédéral devra statuer sur le projet de cloud public de la Confédération
Le projet de la Confédération de conclure des contrats avec cinq fournisseurs de cloud étrangers occupe à nouveau les tribunaux. Alors que Google s’était déjà plaint l’année dernière, c’est cette fois un citoyen qui s’est adressé au Tribunal administratif fédéral, puis au Tribunal fédéral, rapporte le média alémanique Republik, qui s’appuie sur un arrêt du Tribunal fédéral du 28 juillet 2022.
Swiss Post relaunches e-voting bug bounty program
Jessica Haworth 17 August 2022 at 14:28 UTC Updated: 05 September 2022 at 10:32 UTC Ethical hackers invited to stress test election infrastructure Switzerland’s federal postal service is inviting ethical hackers to test its electronic voting (e-voting) system for vulnerabilities in the latest installment of its bug bounty program.
Divers
Google: Here’s how we blocked the largest web DDoS attack ever
Google Cloud has revealed it blocked the largest distributed denial-of-service (DDoS) attack on record, which peaked at 46 million requests per second (rps). The June 1 attack targeted one Google Cloud customer using the Google Cloud Armor DDoS protection service.
Un logiciel espion au cœur d’un scandale politique en Grèce
La Grèce est dans la tourmente. La raison ? Une affaire d’espionnage. Suite à la révélation que deux journalistes grecs d’investigation étaient sur écoute, l’un des chefs de l’opposition, Nikos Androulakis, a également annoncé avoir été mis sur écoute.
Un commentaire
Pingback: Veille Cyber N402 – 29 aout 2022 |