Here is this week's security news digest, rounding up the most interesting stories. Some of them will be covered in more depth in upcoming articles. Enjoy the read, and thanks for the coffee 😉
Data theft / loss
TikTok Denies It Was Hacked After a Gang Claimed to Leak Users’ Data
Was TikTok hacked? According to the company itself, the answer to that question is: definitely not. And security researchers who have looked into the matter seem to agree. Why is TikTok fielding claims of a data breach?
New cyberespionage group surfaces following attacks on mostly Asian targets
Written by AJ Vicens Sep 6, 2022 | CYBERSCOOP A previously unknown cyberespionage group has been using undocumented tools to go after high-profile Asian companies and local governments, researchers with cybersecurity firm ESET said Tuesday.
United States: this tool lets police track citizens' smartphones
This is a story that could cause quite a stir in the United States. Through a wide-ranging investigation, the Associated Press has just revealed that many American law-enforcement agencies use a tool to spy on citizens' smartphones without their consent and without a warrant authorizing the practice.
Orange Cyberdefense hit by a major leak of customer data
Orange Cyberdefense, the cybersecurity subsidiary of Orange, has been hit by a data leak affecting more than a hundred customers. The act has not been claimed by anyone, but it could have significant consequences.
Lazarus Group dropped a MagicRAT to spy on energy providers
The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos. The Lazarus Group is perhaps best known for the infamous WannaCry attacks and a ton of cryptocurrency theft.
Cyberattacks / fraud
InterContinental Hotels Confirms Cyber-Attack After Two-Day Outage
InterContinental Hotels Group (IHG) has confirmed its subsidiary Holiday Inn has been hit by a cyber-attack. More specifically, the firm issued a statement saying it was investigating "unauthorized access" to a number of its technology systems. The acknowledgment comes two days after the UK-based company's booking channels and other applications were disrupted, preventing many customers from booking accommodations online.
Cyberattack Prompts Los Angeles School District To Shut Down Its Computer Systems
LOS ANGELES (AP) – A ransomware attack targeting the huge Los Angeles school district prompted an unprecedented shutdown of its computer systems as schools increasingly find themselves vulnerable to cyber breaches at the start of a new year.
These hackers used Log4Shell vulnerability to target US energy firms
State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4Shell flaw to breach energy firms in North America and Japan for purposes of espionage. Cisco’s Talos security analysts say Lazarus hackers are exploiting flaws in Log4J — an open-source application logging component — in unpatched internet-facing VMware Horizon servers to gain initial access at energy providers in the US, Canada, and Japan.
$30M worth of cryptocurrency stolen from Axie Infinity recovered
A joint operation conducted by law enforcement and leading organizations in the cryptocurrency industry made it possible to recover more than $30 million worth of cryptocurrency stolen by the North Korean-linked APT group Lazarus from the online video game Axie Infinity. In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S.
Microsoft: Iranian hackers encrypt Windows systems using BitLocker
Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 (aka Nemesis Kitten) has been abusing the BitLocker Windows feature in attacks to encrypt victims’ systems. Redmond’s threat intelligence teams found that the group is quick to exploit newly disclosed security vulnerabilities and extensively uses living-off-the-land binaries (LOLBINs) in attacks.
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
Hackers exploit a new zero-day vulnerability in the WordPress plugin BackupBuddy, which is installed on over 140,000 websites.
Flaws / vulnerabilities
New Linux malware evades detection using multi-stage deployment
A new stealthy Linux malware known as Shikitega has been discovered infecting computers and IoT devices with additional payloads. The malware exploits vulnerabilities to elevate its privileges, adds persistence on the host via crontab, and eventually launches a cryptocurrency miner on infected devices.
Justice / police / regulation
12 Arrested as Interpol Takes Down Transnational Sextortion Ring
Interpol has confirmed the dismantling of a transnational sextortion gang that raked in a whopping $47,000 from dozens of victims.
FBI warns of Vice Society ransomware attacks on school districts
FBI, CISA, and MS-ISAC warned today of U.S. school districts being increasingly targeted by the Vice Society ransomware group, with more attacks expected after the start of the new school year. "The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks," today's joint advisory reads.
Spain: Ten years in prison for driving a teenager to suicide on WhatsApp
A man in his sixties was sentenced on Tuesday for causing the death of a 17-year-old minor, who jumped to his death after being bombarded with 119 messages in the space of a few hours.
Compensation for cyber ransoms: insurers delighted, cyber experts furious
The government will allow insurers to reimburse the ransom paid by their clients following a cyberattack, on the sole condition that a complaint is filed within the following 48 hours. This measure, which ends several years of legal ambiguity, is very well received by insurers because it endorses their existing practices.
Instagram Fined $402 Million in EU for Allegedly Mishandling Children’s Data
Instagram is being hit with the second-largest European Union privacy fine for allegedly mishandling data about children, ramping up the bloc’s enforcement of its privacy law against big technology companies.
Switzerland
Swiss chocolatier Läderach hit by a cyberattack
The Swiss chocolatier Läderach is the victim of a cyberattack that took place last Monday, 5 September, as it states in a press release. The chocolate maker convened its emergency committee and notified the competent authorities. Läderach does not specify whether it is a ransomware attack, but it says that its production, logistics and administration are affected.
Armasuisse tests a technology from French-speaking Switzerland for sharing its data securely
The Swiss armed forces have announced a collaboration with the EPFL spin-off Tune Insight, which works in the field of confidential computing. More precisely, it is the Cyber-Defence Campus, attached to Armasuisse Science and Technology, that is testing Tune Insight's solution for the secure exchange of cyber-threat data, which is of course particularly sensitive information.
Miscellaneous
Ukraine dismantles more bot farms spreading Russian disinformation
The Cyber Department of the Ukrainian Security Service (SSU) dismantled two more bot farms that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts. As the SSU discovered, this bot army "of almost 7,000 accounts" was used to push content discrediting the Defence Forces of Ukraine, justify Russia's armed aggression, and destabilize Ukraine's social and political situation.
Albania interrupted diplomatic ties with Iran over the mid-July attack
Albanian Prime Minister Edi Rama announced that Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff over the massive cyber attack that hit the country in mid-July. The cyberattack hit the servers of the National Agency for Information Society (AKSHI), which handles many government services.
Facebook Has No Idea What Data It Has
This is from a court deposition: Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level.