Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed
Yesterday, data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records. Security researchers at CloudSEK , reported the news as they discovered a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs.
Luxury hotel chain Shangri-La suffered a security breach
The Shangri-La hotel group disclosed a data breach, threat actors had access to a database containing the personal information of customers at eight of its Asian properties between May and July. The incident impacted hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokio, the company launched an investigation to determine what data had been stolen by the attackers.
Auth0 victime d’un accès illicite à ses dépôts de code avant son rachat par Okta – Le Monde Informatique
Racheté par Okta en 2021 pour 6,5 milliards de dollars, l’éditeur Auth0 spécialisé dans les services d’identité à destination des développeurs a rendu compte d’une copie illicite de ses dépôts de codes depuis au moins octobre 2020. Okta se serait sans doute bien passé de cette nouvelle.
LA School District Ransomware Attackers Now Threaten to Leak Stolen Data
The clock is ticking for the Los Angeles Unified School District (LAUSD) – the second largest in the country. Following a ransomware attack at the beginning of the month, it has now has been given an ultimatum: meet Vice Society’s ransom payment demands or have their data released to the public for anyone, including phishers and other cybercriminals, to access.
Cyberattaques / fraudes
Piratage du CH Sud Francilien de Corbeil-Essonnes : des données sensibles divulguées – Le Monde Informatique
Les pirates du cybergang Lockbit 3.0 ayant visé en août dernier le Centre Hospitalier Sud Francilien de Corbeil-Essonnes ont finalement mis leur menace à exécution. Après l’échec de leur demande de rançon, une archive contenant plus de 11 Go de données sensibles incluant des numéros de sécurité sociale et des comptes-rendus d’examens de patients a été publiée.
La ville de Caen touchée par une cyberattaque – Le Monde Informatique
Une attaque informatique rend inopérant depuis lundi de très nombreux services de la ville de Caen dont les prestations scolaires, sportives et culturelles. Une cyberttaque paralyse les services de la ville de Caen depuis lundi. En particulier l’état civil, les prises de rendez-vous (passeports, empreintes digitales…) n’étant plus possibles.
Ukraine warns of ‘massive cyberattacks’ coming from Russia on critical infrastructure sites
Written by AJ Vicens Sep 26, 2022 | CYBERSCOOP The Russian government is planning « massive cyberattacks » against Ukrainian critical infrastructure facilities to « increase the effect of missile strikes on electrical supply facilities, » the Ukrainian government said Monday.
Lazarus APT continues to target job seekers with macOS malware
North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers aimed at stealing credentials for the victims’ wallets. Last week, SentinelOne researchers discovered a decoy documents advertising positions for the popular cryptocurrency exchange Crypto.com.
Mandiant identifies 3 hacktivist groups working in support of Russia
Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the Russian Main Intelligence Directorate (GRU). The experts assess with moderate confidence that moderators of the purported hacktivist Telegram channels « XakNet Team, » « Infoccentr, » and « CyberArmyofRussia_Reborn » are coordinating their operations under the control of the GRU.
Failles / vulnérabilités
Most hackers need 5 hours or less to break into enterprise environments
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.
Covert CIA websites could have been found by an ‘amateur’, research finds
The CIA used hundreds of websites for covert communications that were severely flawed and could have been identified by even an « amateur sleuth », according to security researchers. The flaws reportedly led to the death of more than two dozen US sources in China in 2011 and 2012 and also reportedly led Iran to execute or imprison other CIA assets.
URGENT! Microsoft Exchange double zero-day – « like ProxyShell, only different »
Just when you hoped the week would quieten down and yield you some SecOps downtime over the weekend… …and along comes a brand new zero-day hole in Microsoft Exchange! More precisely, two zero-days that can apparently be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which potentially allows remote code execution (RCE) on the Exchange server itself.
Justice / police / réglementation
Messageries instantanées : 1,8 Md$ d’amende pour des établissements financiers US – Le Monde Informatique
Plusieurs banques et sociétés de courtage de Wall Street ont écopé d’amendes pour un montant d’1,8 milliard de dollars car leurs employés envoyaient des messages et des textos à leurs clients sans enregistrer les communications, comme cela est exigé par la loi. Certains dirigeants de ces entreprises ont menti à ce sujet et ont supprimé des messages.
Ukrainian Authorities Arrests Cybercrime Group for Selling Data of 30 Million Accounts
On Friday last week, Ukrainian law enforcement authorities disclosed that it had « neutralized » a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests.
Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets
Written by Suzanne Smalley Sep 29, 2022 | CYBERSCOOP A former National Security Agency employee appeared in federal court Thursday on charges that he attempted to transmit classified « national defense information » to an FBI agent he believed was a Russian operative in exchange for $85,000, according to the Justice Department.
Australia government wants Optus to pay for data breach
Australia’s current administration is calling for stronger privacy laws, following last week’s cybersecurity breach that compromised personal data of 9.8 million Optus customers. Describing the cyber attack as « not technologically challenging », the government says the breach should never have happened and that Optus should pay to rectify the situation.
Germany arrests hacker for stealing €4 million via phishing attacks
Germany’s Bundeskriminalamt (BKA), the country’s federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. One of the three individuals, a 24-year-old German citizen, has been arrested and charged, while a second one, a 40-year-old, was also charged with 124 acts of computer fraud.
Suisse
Le système d’e-voting de la Poste suisse résiste à 60’000 attaques
Environ 3400 hackers du monde entier ont tenté, pendant quatre semaines, de pirater le futur système de vote électronique de la Poste suisse. Dans son communiqué tirant le bilan du récent test d’intrusion, le géant jaune indique que 60’000 attaques ont été lancée contre sur la plateforme.
Le contrat cloud de la Confédération est signé, mais…
Les documents du contrat cloud de la Confédération ont été signés par les cinq fournisseurs concernés (Alibaba, Amazon Web Services (AWS), IBM, Microsoft et Oracle), a fait savoir l’administration fédérale. Le contenu des contrats est identique pour tous les fournisseurs, mais des éléments complémentaires ont été établis avec chacun d’entre eux, précisent les autorités dans leur communiqué.
Divers
Nord Stream pipeline disinformation fits pattern of Russian information warfare
Written by Suzanne Smalley Sep 30, 2022 | CYBERSCOOP Within hours of this week’s Nord Stream pipeline explosion, Russian officials, Twitter users and Tucker Carlson began circulating disinformation suggesting that the Biden administration was responsible for the apparent act of sabotage. In fact, some viral tweets included old footage of U.S.
Veriphone, un nouvel outil pour tester l’infection d’un smartphone par des logiciels espions
Le dispositif se présente comme une simple tablette tactile, peu coûteuse, installée au sein du tribunal judiciaire de Paris. Anodin au premier regard, cet outil dévoilé à la mi-août, baptisé Veriphone, est cependant un nouvel atout dans la main des autorités pour aider les femmes victimes de violences conjugales.
