Cybersecurity news roundup | 25 Sept 2022

Here is this week’s monitoring report, rounding up the most interesting news. Some of these items will be expanded on in upcoming articles. Enjoy the read, and thanks for the coffee 😉

Data theft / loss

Data of millions of users exposed in Australia’s 2nd-largest telecom firm breach

Optus has over 10.2 million mobile customers in Australia and is supported by a network that covers 98.5 percent of the total population.

Hacker steals Grand Theft Auto 6 source code, videos

Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen. It also appears at least some of the material was leaked online via a message board.

Covid antigen test results of 1.7m Indian and foreign nationals leaked online

An Elasticsearch server is exposing the Covid antigen test results of Indians and foreign nationals who traveled to or from India.

Details of Over 300,000 Russian Reservists Leaked, Anonymous Claims

Hacktivist collective Anonymous has claimed to have leaked the personal data of over 300,000 individuals likely to be mobilized by the Russian government to fight in Ukraine.

Significant cyberattack hits Australian telco Optus

Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach. Coming clean on Thursday, Optus said the attack exposed information including customers’ names, dates of birth, phone numbers, email addresses, and – for some – physical addresses, ID document numbers such as driving license or passport numbers.

American Airlines learned it was breached from phishing targets

American Airlines says its Cyber Security Response Team (CIRT) found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee’s hacked Microsoft 365 account. As the airline said in filings with the Office of the New Hampshire Attorney General, after receiving these phishing reports, American’s CIRT discovered unauthorized activity in the company’s Microsoft 365 environment.

Whistleblower: DoD Purchased Access to Americans’ Internet Browsing

Multiple military intelligence offices have paid a data broker for access to internet traffic logs, which could reveal the online browsing histories of U.S. citizens, Sen. Ron Wyden said in a letter Wednesday, citing an anonymous whistleblower that had contacted his office.

Cyberattacks / fraud

Hackers stole $160 Million from Crypto market maker Wintermute

Malicious actors continue to target organizations in the cryptocurrency industry; the latest victim is crypto trading firm Wintermute. The company made the headlines after threat actors stole around $160 million worth of digital assets.

Anonymous claims hacked website of Russian Ministry of Defense

#OpRussia, launched by Anonymous on Russia after the criminal invasion of Ukraine, continues; the popular collective claims to have hacked the website of the Russian Ministry of Defense.

Uber links cyberattack to LAPSUS$, says sensitive user data remains protected

Uber has linked its recent cyberattack to an actor (or actors) affiliated with the notorious LAPSUS$ threat group, responsible for breaching the likes of Microsoft, Cisco, Samsung, Nvidia and Okta this year. The announcement came as the ride-hailing giant continues to investigate a network data breach that occurred on Thursday, September 15.

Revolut confirms a personal data hack – Le Monde Informatique

The English online bank Revolut has confirmed malicious access to its information system that allowed attackers to reach the personal data of 0.16% of its customer base, or more than 50,000 people. Payment data as well as addresses, e-mails and phone numbers are affected.

BlackCat ransomware’s data exfiltration tool gets an upgrade

The BlackCat ransomware (aka ALPHV) isn’t showing any signs of slowing down, and the latest example of its evolution is a new version of the gang’s data exfiltration tool used for double-extortion attacks. BlackCat is considered a successor to Darkside and BlackMatter and is one of the most sophisticated and technically advanced Ransomware-as-a-service (RaaS) operations.

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.

Iranian Hackers Hid in Albanian Networks for Over a Year

State-backed Iranian threat actors were able to remain undetected inside an Albanian government network for 14 months before deploying destructive malware in July 2022, a new report has revealed.

Ukraine: SSU dismantled cyber gang that stole 30 million accounts

The cyber department of Ukraine’s Security Service (SSU) has taken down a group of hackers behind the theft of accounts belonging to about 30 million individuals. The gang was offering the stolen accounts for sale on the dark web; according to the SSU, they earned almost UAH 14 million from the sale.

Flaws / vulnerabilities

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

Attackers are deploying malicious OAuth applications on compromised cloud tenants, with the goal of taking over Microsoft Exchange Servers to spread spam. That’s according to the Microsoft 365 Defender Research Team, which detailed this week how credential-stuffing attacks have been launched against high-risk accounts that don’t have multifactor authentication (MFA) enabled, then leveraging unsecured administrator accounts to gain initial access.

Sophos warns of new firewall RCE bug exploited in attacks

Sophos warned today that a critical code injection security vulnerability in the company’s Firewall product is being exploited in the wild. “Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the security software and hardware vendor warned.

A 15-year-old flaw in Python weakens open source projects – Le Monde Informatique

Mitigated but never fixed, a 15-year-old vulnerability in the Python language is resurfacing, potentially affecting more than 350,000 open source projects. Never forget the past: that should be developers’ motto, especially when it comes to a vulnerability.

Justice / police / regulation

UK Police arrests teen believed to be behind Uber, Rockstar hacks

The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks. In a short tweet shared by law enforcement, the teen was arrested in Oxfordshire as part of a hacking investigation supported by the UK’s National Crime Agency.

Switzerland

Ransomware: Zurich police find decryption keys

In October 2021, police operations were carried out in Ukraine and Switzerland against twelve suspected cybercriminals. In the criminal proceedings that followed, the Zurich cantonal police discovered keys that can decrypt data encrypted by ransomware.

Article

Dreamlab Technologies is pleased to have become a cyber-safe.ch label partner. The label aims to break down the barriers preventing entry into the world of IT security for SMEs and other small organisations, by offering a strong incentive and providing them with the necessary tools for responsible cyber security management.

Miscellaneous

Ransomware operators might be dropping file encryption in favor of corrupting files

Ransomware started out many years ago as scams where users were being tricked into paying fictitious fines for allegedly engaging in illegal online behavior or, in more serious cases, were blackmailed with compromising videos taken through their webcams by malware.

LastPass source code breach – incident response report released

If the big story of this month looks set to be Uber’s data breach, where a hacker was allegedly able to roam widely through the ride-sharing company’s network… …the big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company’s proprietary source code.
