Here is this week's monitoring report, rounding up the most interesting news. Some of these items will be developed further in upcoming articles. Enjoy reading, and thanks for the coffee 😉
Data theft / loss
LastPass Reveal Security Incident
Password management giant LastPass has revealed details of a security incident earlier this month in which proprietary information was stolen by threat actors. The company said that the intrusion took place two weeks ago.
Google researchers expose Iranian hackers’ tool to steal emails from Gmail, Yahoo and Outlook
Written by AJ Vicens, Aug 23, 2022 | CYBERSCOOP. Hackers linked to the Iranian government's cyber espionage unit developed a software tool to retrieve downloaded emails and other data from Gmail, Yahoo and Microsoft Outlook accounts, Google researchers said Tuesday. The researchers at Google's Threat Analysis Group, who dubbed the tool "HYPERSCRAPE," detected the malicious program in December 2021.
Cyberattacks / fraud
Unprecedented cyber attack hit State Infrastructure of Montenegro
An unprecedented cyber attack hit the government's digital infrastructure in Montenegro; the government promptly adopted measures to mitigate its impact. Montenegro immediately reported the attack to other members of the NATO alliance. "Certain services were switched off temporarily for security reasons, but the security of accounts belonging to citizens and companies and their data have not been jeopardised," said Public Administration Minister Maras Dukaj.
LockBit ransomware gang blames victim for DDoS attack on its website
LockBit Ransomware Gang claims its leak site was hit by a massive DDoS attack allegedly carried out by security company Entrust.
Counterfeit Phones Found to Contain Backdoor to Hack WhatsApp
Budget Android device models that are counterfeit versions of popular smartphone brands contain multiple hidden trojans designed to target the WhatsApp and WhatsApp Business messaging apps. Doctor Web first came across the malware in July 2022. It was discovered in the system partition of at least four different smartphones: radmi note 8, P48pro, Note30u, and Mate40.
EU Report Outlines Cyber Response to Ukraine Invasion
The EU’s Justice and Home Affairs Agencies’ Network (JHAAN) has released new details of its continued work to monitor and contain cyber-threats since Russia’s invasion of Ukraine. A recently published paper, Contributing to the EU’s Solidarity with Ukraine, outlines the work of nine EU agencies in this area.
French hospital Centre Hospitalier Sud Francilien suffered ransomware attack
The Centre Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other facilities. According to local media, the threat actors are demanding a $10 million ransom for the decryption key needed to restore the encrypted data.
Hackers demand $10 million from Paris hospital after ransomware attack
Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend. The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services.
Ransomware attacks jump as new malware strains proliferate, research finds
Written by AJ Vicens, Aug 25, 2022 | CYBERSCOOP. Ransomware cases jumped 47 percent amid a rise in attacks involving newer strains of malicious software infecting targets, according to the cybersecurity firm NCC Group. Reported incidents increased to 198 in July from 135 in June, according to the firm, which issues semi-regular reports on ransomware activity by tracking websites that post victims' details.
Flaws / vulnerabilities
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have not been patched against a critical, 11-month-old CVE, leaving thousands of organizations exposed. New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.
Hackers are using this sneaky exploit to bypass Microsoft’s multi-factor authentication
Cyber criminals are exploiting dormant Microsoft accounts to bypass multi-factor authentication (MFA) and gain access to cloud services and networks, researchers have warned. The technique has been detailed by cybersecurity researchers at Mandiant, who say the exploit is being used in hacking campaigns by APT29 – also known as Cozy Bear – a hacking and espionage operation widely believed to be linked to Russia's Foreign Intelligence Service (SVR).
Critical flaw impacts Atlassian Bitbucket Server and Data Center
Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS score 9.9), that could be exploited to execute malicious code on vulnerable installs. The flaw is a command injection vulnerability that can be exploited via specially crafted HTTP requests.
Justice / police / regulation
Twitter slammed by security boss turned whistleblower Mudge
Twitter's former security chief Peiter "Mudge" Zatko accused the company and its board of directors of violating financial rules, of fraud, and of grossly neglecting its security obligations in a complaint to the US Securities & Exchange Commission, the Federal Trade Commission, and the US Justice Department last month.
Ex-Apple engineer pleads guilty to stealing Apple’s car secrets
Xiaolang Zhang, a former Apple employee charged by the FBI in 2018 for stealing trade secrets about Apple’s autonomous vehicle project, pleaded guilty in a federal court in San Jose on Monday. Zhang stole the trade secrets while preparing to work for Chinese electric vehicle startup Xiaopeng Motors, also known as XPeng.
Jack Dorsey’s Other Company Hit With Lawsuit Over Alleged Negligent Data Security Practices
This week just keeps getting worse for Jack Dorsey-aligned products. On Tuesday, Dorsey’s fintech business Block found itself on the receiving end of a class action lawsuit accusing the company of failing to properly protect personal data of some 8.2 million Cash App investing customers compromised during a 2021 breach.
Switzerland
The Federal Administrative Court will have to rule on the Confederation's public cloud project
The Confederation's plan to sign contracts with five foreign cloud providers is once again before the courts. While Google had already lodged a complaint last year, this time it is a private citizen who turned to the Federal Administrative Court and then to the Federal Supreme Court, reports the German-speaking Swiss outlet Republik, citing a Federal Supreme Court ruling of 28 July 2022.
What the Amag group learned from the 2020 cyber incident
In late January 2020, hackers attacked the IT systems of car importer Amag. Roger Mattman, CISO of the Amag group, looks back at what exactly happened. He explains how the group responded to the attack and the lessons that can be drawn from the incident.
Targeted by ransomware, Haute Ecole Arc avoided having its data encrypted (update)
Haute Ecole Arc was targeted by a cyberattack in early July, carried out by a gang operating a ransomware. According to the school, the data could not be encrypted. The attackers had nevertheless got hold of documents and demanded a ransom.
Miscellaneous
Signal is secure, as proven by hackers
On August 15, the Signal team reported that unknown hackers attacked users of the messenger. We explain why this incident demonstrates Signal’s advantages over some other messengers. According to the statement issued by Signal, the attack affected around 1900 users of the app.
Most top mobile carriers retain geolocation data for two years on average, FCC findings show
Written by Tonya Riley, Aug 26, 2022 | CYBERSCOOP. Ten of the top 15 mobile carriers collect geolocation data and provide no way for consumers to opt out, according to information from the telecom companies that the Federal Communications Commission published Thursday.