Cybersecurity news roundup | 4 Sept 2022

Here is this week's monitoring report, rounding up the most interesting news.

Some of these items will be covered in more depth in upcoming articles. Happy reading, and thanks for the coffee 😉

Data theft / loss

Hackers gained access to Samsung customer data

Hackers gained access to Samsung’s US systems and stole customer information, the mobile phone giant said Friday. The cybersecurity breach took place in late July, and by August 4, Samsung discovered that customer information was taken. The hackers didn’t gain access to Social Security numbers, or credit card or debit card numbers, Samsung said.

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line. EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.

The Hackers Who Breached Neopets Were Inside Its IT Systems for 18 Months

Neopets, the company that sells virtual pets to tweenagers (and also a weird amount of adults), suffered a pretty devastating data breach earlier this year, but a recent update seems to show it was far worse than we previously thought.

Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal

The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portuguese company announced via Twitter that it was hit by a cyber attack and that it was able to neutralize it.

https://securityaffairs.co/wordpress/135069/data-breach/start-data-breach.html

IRS data leak exposes personal info of 120,000 taxpayers

The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. IRS Form 990T is used to report ‘unrelated business income’ paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts.

Cyberattacks / fraud

FBI is helping Montenegro in investigating the ongoing cyberattack

A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. “This is another confirmation of the excellent cooperation between the United States of America and Montenegro and a proof that we can count on their support in any situation,” the ministry said of the deployment of the Cyber Action Team.

BlackCat ransomware claims attack on Italian energy agency

The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy’s energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend. GSE is a publicly-owned company that promotes and supports renewable energy sources (RES) across Italy.

FBI issues warning after crypto-crooks steal $1.3b in just 3 months

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to part investors from their money.

China-linked APT40 targets wind turbines, Aust. government

Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site. The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine fleets in the South China Sea.

Hackers hide malware in James Webb telescope images

Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform (Windows, Linux, Mac) and offers increased resistance to reverse engineering and analysis.

LockBit ransomware gang gets aggressive with triple-extortion tactic

LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level. The gang has recently suffered a DDoS attack, allegedly on behalf of digital security giant Entrust, that prevented access to data published on its corporate leaks site.

Hackers caused a massive traffic jam in Moscow using a ride-hailing app

Hackers caused a major traffic jam in Moscow after exploiting the Russian ride-hailing app, Yandex Taxi, to summon all available taxis to the same location at the same time. The attack occurred on September 1st and had traffic heading towards Kutuzovsky Prospect – an already busy boulevard – stuck at a standstill.

Flaws / vulnerabilities

https://securityaffairs.co/wordpress/135125/mobile-2/tiktok-android-app-bug.html

Google Chrome issue allows overwriting the clipboard content

A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction and consent, simply by visiting them. According to a blog post published by the developer Jeff Johnson, the issue was introduced in version 104.

Apple just delivered an important security patch for these older iPhones

Apple has released an important security update for the iPhone 5s, iPhone 6 and older iPads to address one of two flaws affecting iOS 15 that also affected iOS 12. Apple has rolled out a fix for iOS 12 in the update in iOS 12.5.6 that brings across a patch for a remote code execution flaw that it fixed in iOS 15.6.1 in mid-August.

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

Twilio says hackers also gained access to the two-factor authentication (2FA) Authy accounts of 93 users in a recent security breach.

New Ransomware Group BianLian Activity Exploding

A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022.

Announcing Google’s Open Source Software Vulnerability Rewards Program

Today, we are launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects. As the maintainer of major projects such as , and , Google is among the largest contributors and users of open source in the world.

Justice / police / regulation

Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

The cosmetic giant Sephora has been accused of breaching California Consumer Privacy Act (CCPA) by allegedly selling its customer data.

NATO Probes Hackers Selling Data from Top Missile Firm MBDA

MBDA is the world’s 2nd largest producer of missiles and hackers are selling 70 GB worth of its data for 1 BTC on a Russian forum.

Mississippi felon admits illegally 3D printing gun parts

A US man has admitted he broke the law when he used 3D printers to make components converting semi-automatic guns to full auto.

https://www.ictjournal.ch/news/2022-08-31/cest-confirme-la-nouvelle-lpd-entre-en-vigueur-en-septembre-2023

US Police Deployed Obscure Smartphone Tracking Tool With No Warrants

Various law enforcement agencies in Southern California and North Carolina have deployed an obscure cellphone tracking tool dubbed ‘Fog Reveal,’ sometimes without search warrants, a new investigation by the Associated Press (AP) has revealed.

Switzerland

An alliance to strengthen collective cyber resilience

The constant increase in cyber threats requires new solutions. Therefore, the Cyber-Defence Campus, armasuisse Science & Technology, is working with Tune Insight to test its secure threat intelligence sharing software. The collaboration develops and investigates novel solutions for the secure exchange of cyber threat data.

Cyber police unit: the Office of the Attorney General of Switzerland wants one, Fedpol does not

A recent report by the Swiss Federal Audit Office (Contrôle fédéral des finances, CDF) on the fight against economic crime indicates that the Office of the Attorney General of Switzerland (Ministère public de la Confédération, MPC) is calling for the creation of a cyber unit within the Federal Criminal Police (Police judiciaire fédérale, PJF).

Miscellaneous

US telcos admit to storing, handing over location data

US mobile carriers know a lot about their customers’ every move, and according to letters sent to the Federal Communications Commission (FCC), they routinely store such location data for years, willingly hand it over to law enforcement if served a proper subpoena, and say users can’t opt out.

Cybersecurity for the most vulnerable: Hackers Without Borders and YesWeHack announce a partnership to protect NGOs – CIOMAG

Press release, Geneva, 31 August 2022 – The NGO Hackers Sans Frontières (HSF) and YesWeHack, the leading European bug bounty platform, announce their close partnership, working together to protect non-profit organizations from cyberattacks. YesWeHack will provide HSF with free access to its bug bounty platform at this…

NSA and CISA share tips to secure the software supply chain

The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released tips today on securing the software supply chain. This guidance is designed by the Enduring Security Framework (ESF), a public-private partnership that works to address threats to U.S.
