Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes.
Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
https://www.zdnet.com/article/hackers-gained-access-to-samsung-customer-data/#ftag=RSSbaffb68
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
The Hackers Who Breached Neopets Were Inside Its IT Systems for 18 Months
New details about a massive data breach affecting the digital pet company shows that the hacker had long-term access to its network and user data.
Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal
The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers’ data.
Russian streaming platform Start discloses a data breach impacting 7.5M users
The Russian subscription-based international streaming service Start discloses a data breach affecting 7.5 million users.
IRS data leak exposes personal info of 120,000 taxpayers
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns.
Cyberattaques / fraudes
FBI is helping Montenegro in investigating the ongoing cyberattack
A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack.
BlackCat ransomware claims attack on Italian energy agency
The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy’s energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend.
FBI issues warning after crypto-crooks steal $1.3 billion in just three months
The FBI has warned that cybercriminals are increasingly targeting DeFi platforms and exploiting vulnerabilities in smart contracts.
China-linked APT40 targets wind turbines, Aust. government
ScanBox installed after victims lured to fake Murdoch news sites with phishing emails
Hackers hide malware in James Webb telescope images
Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
LockBit ransomware gang gets aggressive with triple-extortion tactic
LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level.
Hackers caused a massive traffic jam in Moscow using a ride-hailing app
Hackers caused a huge traffic jam in Moscow after using the Yandex Taxi ride-hailing app to summon all available taxi drivers to the same location at the same time.
Failles / vulnérabilités
A flaw in TikTok Android app could have allowed the hijacking of users’ accounts
Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking.
Google Chrome issue allows overwriting the notebook content
A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content.
Apple just delivered an important security patch for these older iPhones
Apple issues a security update for iOS 12 to address a bug that was being actively exploited.
Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users
Twilio says hackers also gained access to the two-factor authentication (2FA) Authy accounts of 93 users in a recent security breach.
New Ransomware Group BianLian Activity Exploding
The threat actor using the common Go programming language and a custom toolkit claims twenty victims
Announcing Google’s Open Source Software Vulnerability Rewards Program
Posted by Francis Perron, Open Source Security Technical Program Manager, and Krzysztof Kotowicz, Information Security Engineer Today, we a…
Justice / police / réglementation
Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data
The cosmetic giant Sephora has been accused of breaching California Consumer Privacy Act (CCPA) by allegedly selling its customer data.
NATO Probes Hackers Selling Data from Top Missile Firm MBDA
MBDA is the world’s 2nd largest producer of missiles and hackers are selling 70 GB worth of its data for 1 BTC on a Russian forum.
Mississippi felon admits illegally 3D printing gun parts
Just days after US rules tackling homemade firearms take effect
C’est confirmé: la nouvelle LPD entre en vigueur en septembre… 2023
La nouvelle loi suisse sur la protection des données entrera en vigueur le 1er septembre 2023. A l’origine, elle était prévue pour le deuxième semestre 2022. Le Conseil fédéral explique vouloir laisser suffisamment de temps aux milieux économiques pour entreprendre les démarches nécessaires en vue de la mise en œuvre du nouveau droit.
US Police Deployed Obscure Smartphone Tracking Tool With No Warrants
It would allow police to search billions of mobile device-based records, including GPS data
Suisse
An alliance to strengthen collective cyber resilience
The constant increase in cyber threats requires new solutions. Therefore, the Cyber-Defence Campus, armasuisse Science & Technology, is working with Tune Insight to test its secure threat intelligence sharing software. The collaboration develops and investigates novel solutions for the secure exchange of cyber threat data.
Cyber-commissariat: le Ministère public de la Confédération en veut un, Fedpol non
Le Ministère public de la Confédération demande toujours la création par Fedpol d’un cyber-commissariat au sein de la Police judiciaire fédérale (PJF). L’objectif serait d’améliorer la coopération entre les autorités dans la lutte contre la cybercriminalité au niveau fédéral.
Divers
US telcos admit to storing, handing over location data
Letters to FCC confirm what many believed, don’t address a bigger problem
https://cio-mag.com/la-cybersecurite-pour-les-plus-vulnerables-hackers-without-borders-et-yeswehack-annoncent-un-partenariat-pour-proteger-les-ong/
NSA and CISA share tips to secure the software supply chain
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain.
