Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
Les armées du Chili, du Mexique, du Salvador, du Pérou et de Colombie ont subi un gigantesque piratage informatique
Des millions d’e-mails, des informations confidentielles détaillant des opérations militaires, des contrats… Les armées de cinq pays latino-américains ont été la cible d’un gigantesque piratage de leurs systèmes informatiques ces dernières semaines.
Optus confirms 2.1 million ID numbers exposed in data breach
Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month. In a press statement released yesterday, the mobile carrier updated the information regarding the personal data of 9.8 million customers exposed during the attack.
Telstra discloses data breach impacting former and current employees
Australia’s largest telecommunications company Telstra disclosed a data breach through a third-party supplier. The company pointed out that its systems have not been breached, the security breach impacted a third-party supplier that previously provided a now-obsolete Telstra employee rewards program.
Hackers Leak 500 GB of Data Stolen From Los Angeles School District
Last month, the ransomware gang Vice Society, hacked the Los Angeles Unified School District, the second largest in the country, leaving the computer system paralyzed. Two weeks after the initial attack, the perpetrators demanded money for the return of the stolen data.
Finnish intelligence warns of Russia’s cyberespionage activities
The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target for Russian intelligence and influence operations.
Cyberattaques / fraudes
Hacker stole $566M worth of Binance Coins from Binance Bridge
Hackers have reportedly stolen $566 million worth of Binance Coins (BNB) from the Binance Bridge. It seems that threat actors were able to exploit an issue with the bridge, the attack took place at 2:30 PM EST today. The attackers were able to transfer the funds to their wallet through two transactions [ 1, 2], each of 1,000,000 BNB.
Russian Hackers Shut Down US State Government Websites
Russian-speaking cyberattackers boast they are behind disruption of Colorado, Kentucky, and Mississippi government websites. Source: Colorado.gov homepage screen capture A hacktvist group with ties to the Russian government has claimed credit for cyberattacks on the government websites of three US states: Colorado, Kentucky, and Mississippi.
Gare au backdoor caché dans un logo Windows – Le Monde Informatique
Le cybergang Witchetty a étoffé l’arsenal de sa backdoor LookBack avec une technique stéganographique. Le but ? Camoufler une charge utile dans un logo Windows ouvrant la voie à l’exécution de code malveillant. Des payloads camouflés dans des images sévissent malheureusement encore et toujours.
Le constructeur automobile Ferrari piraté
Gestion des cookies Nous utilisons des cookies sur notre site web pour vous offrir l’expérience la plus pertinente en mémorisant vos préférences et vos visites répétées. En cliquant sur « Accepter », vous consentez à l’utilisation de ces cookies.
Failles / vulnérabilités
Facebook warns 1 million users about apps trying to compromise accounts
Written by Tonya Riley Oct 7, 2022 | CYBERSCOOP Facebook will alert 1 million users on Friday that they may have unknowingly revealed login credentials to malicious Android or iOS apps. The warning follows the release of Facebook parent company Meta’s first security report on malicious apps targeting login information.
Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast
Source: Andriy Popov via Alamy Researchers have demonstrated how an attacker could take over control of light bulbs in the Ikea Trådfri smart lighting system, ultimately turning the bulbs up to full brightness – and users can’t turn them down through the app or the remote control.
Justice / police / réglementation
Former Uber CSO convicted of covering up megabreach back in 2016
Joe Sullivan, who was Chief Security Officer at Uber from 2015 to 2017, has been convicted in a US federal court of covering up a data breach at the company in 2016. Sullivan was charged with obstructing proceedings conducted by the FTC (the Federal Trade Commission, the US consumer rights body), and concealing a crime, an offence known in legal terminology by the peculiar name of misprision.
Australian Teen Accused of Using Leaked Data to Blackmail Telecom Customers
Authorities in Australia arrested a 19-year-old who allegedly tried to blackmail customers of telecommunications company Optus following a data breach last month that impacted thousands of people. The teenage hacker allegedly sent out text messages to 93 Optus customers to demand that $2,000 be deposited in a bank account, and threatened to sell and use their information for fraudulent activity if they don’t comply, The Guardian reported.
German police identified a gang that stole €4M via phishing attacks
Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. The phishing campaigns were conducted between October 3, 2020, and May 29, 2021, the gang sent to the victims messaging posing as coming from German banks.
Meta Law Suit Against Chinese Devs Over WhatsApp Malware Plot
Earlier today, WhatsApp parent company Meta announced that they are suing three Chinese developers for allegedly tricking users into downloading fake versions of the app that harvested their login details.
Biden’s Privacy Shield 2.0 order unlikely to satisfy EU
In brief An executive order signed by President Biden on Friday to setting out fresh rules on how the US and Europe share people’s private personal info may still fall short of the EU’s wishes, says the privacy advocate who defeated the previous regulations in court.
Australia moots changes to privacy laws after Optus data breach
Australia is moving to change its privacy laws, so telcos can better work with financial services institutions and government agencies to mitigate the impact of a data breach on customers. Proposed amendments to the country’s Telecommunications Regulations 2021 Act will allow the temporary sharing of some personal data to facilitate such efforts.
NIS 2 – die neue Cyber-Security-Richtlinie der EU im Überblick
Die EU will mit ihrer neuen Cyber-Security-Richtlinie NIS 2 mehr Resilienz in die gesamte Infrastruktur bringen. Bisher wurden viele Branchen von solchen Konzepten weitgehend verschont – nun gilt es ernst. Unternehmen, die nicht mitziehen, sollen mit hohen Bussen belegt werden.
Canadian Sentenced 20 Years in US Prison For Ransomware Attacks
A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21.5m today for participating in the NetWalker ransomware attacks, said the Department of Justice (DOJ) Office of Public Affairs on Tuesday. Sebastien Vachon-Desjardins, 35, of Gatineau, Quebec, was extradited to the United States in January this year according to the extradition treaty between the United States and Canada.
Suisse
La Confédération sommée d’agir pour renforcer la cybersécurité de son administration
Le Contrôle fédéral des finances (CDF) s’est penché sur l’efficacité des processus de cybersécurité de l’administration fédérale. En particulier sur la capacité du Centre national pour la cybersécurité (NCSC) à agir contre les vulnérabilités et cyberincidents. Le rapport du CDF conclut que le processus de gestion des incidents est défini, publié et appliqué.
Divers
Cyber-assurance : entre mobilisation et critique – Le Monde Informatique
Plusieurs grandes entreprises ont décidé de créer leur propre assurance pour couvrir les cyber-risques. Dans le même temps, les membres du Cesin ont manifesté leur opposition au projet gouvernemental d’indemniser les victimes de rançons par les assureurs à condition de déposer plainte.
FBI and CISA Publish Advisory on Malicious Cyber Activity Against Election Infrastructure
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have published a joint public service announcement about malicious cyber activity aiming to compromise election infrastructure. According to the document released on Tuesday, the agencies said attempts to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting.
1 Comment
Comments are closed.
Pingback: Veille Cyber N409 – 17 octobre 2022 |