Les 5 actus cybersécurité à ne pas manquer | 14 sept 2022

Voici une sélection de 5 actualités de cybersécurité qu’il ne fallait pas manquer cette semaine. Bonne lecture et merci pour le café 😉

un petit clic pour ma veille

Top 1

These hackers used Log4Shell vulnerability to target US energy firms

State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4Shell flaw to breach energy firms in North America and Japan for purposes of espionage. Cisco’s Talos security analysts say Lazarus hackers are exploiting flaws in Log4J — an open-source application logging component — in unpatched internet-facing VMware Horizon servers to gain initial access at energy providers in the US, Canada, and Japan.

Top 2

Cyberattack Prompts Los Angeles School District To Shut Down Its Computer Systems

LOS ANGELES (AP) – A ransomware attack targeting the huge Los Angeles school district prompted an unprecedented shutdown of its computer systems as schools increasingly find themselves vulnerable to cyber breaches at the start of a new year.

Top 3

InterContinental Hotels Confirms Cyber-Attack After Two-Day Outage

InterContinental Hotels Group (IHG) has confirmed its subsidiary Holiday Inn has been hit by a cyber-attack. More specifically, the firm issued a statement saying it was investigating « unauthorized access » to a number of its technology systems. The acknowledgment comes two days after the UK-based company’s booking channels and other applications were disrupted, preventing many customers from booking accommodations online.

Top 4

FBI warns of Vice Society ransomware attacks on school districts

FBI, CISA, and MS-ISAC warned today of U.S. school districts being increasingly targeted by the Vice Society ransomware group, with more attacks expected after the start of the new school year. « The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks, » today’s joint advisory reads.

Top 5

Indemnisation des cyber-rançons : les assureurs ravis, les experts cyber furieux

Le gouvernement va autoriser les assureurs à rembourser la rançon payée par leurs clients suite à une cyberattaque, à la seule condition qu’une plainte soit déposée dans les 48 heures suivantes. Cette mesure, qui met fin à un flou de plusieurs années, est très bien accueillie par les assureurs car elle conforte leurs pratiques.

Veilleur et spécialiste en cybersécurité