
Cybersecurity news roundup | 16 Oct 2022

Here is this week's monitoring report, covering the most interesting news items. Some of them will be explored further in upcoming articles. Enjoy the read, and thanks for the coffee 😉

Data theft / loss

Intel confirms leaked Alder Lake BIOS Source Code is authentic

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns with researchers. Alder Lake is the name of Intel’s 12th generation Intel Core processors, released in November 2021.

Zoetop pays $1.9m to settle customer data theft case

Online retailer Zoetop will fork out $1.9 million after account data belonging to 46 million customers was stolen in 2018. In announcing the settlement this week, New York Attorney General Letitia James said Hong Kong’s Zoetop, which owns fast-fashion brands Shein and Romwe, also tried to downplay the scale of the cyberattack and was pretty bad at securing people’s personal information.

Mormon Church data stolen in ‘state-sponsored’ cyberattack

Miscreants broke into the Church of Jesus Christ of Latter-day Saints’ computer systems and stole personal data belonging to "some" members, employees, contractors and friends, the church has confirmed. According to a church statement on the "data incident," posted on its website today, the security breach happened in late March 2022.

Toyota discloses accidental leak of some customers’ personal information

Toyota Motor Corporation warns customers that their personal information may have been accidentally exposed after an access key was publicly available on GitHub for almost five years. The carmaker discovered recently that a portion of its T-Connect site source code was mistakenly published on GitHub.

Cyberattacks / fraud

Iran State-Run TV’s Live Transmission Hacked by Edalate Ali Hackers

As seen by Hackread.com, the Iranian broadcaster was hacked while airing a news bulletin on Saturday night.

US airports’ sites taken down in DDoS attacks by pro-Russian hackers

Update: Title of story modified to indicate it was the sites taken down. The pro-Russian hacktivist group ‘KillNet’ is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them inaccessible.

It was LockBit that forced NHS tech supplier to shut down

Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months.

Indian power generation giant Tata Power hit by a cyber attack

Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company.

Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server

Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. The Cloudflare DDoS threat report 2022 Q3 states that multi-terabit massive DDoS attacks have become increasingly frequent. In Q3, the company mitigated multiple attacks that exceeded 1 Tbps.

Almost 900 servers hacked using Zimbra zero-day flaw

Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. The vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks.

Cloudflare mitigated record DDoS attack against Minecraft server

Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service (DDoS) attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP flood packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says.

Flaws / vulnerabilities

Fortinet warns that critical authentication bypass flaw has been exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet critical flaw to its known exploited vulnerabilities catalog. CISA on Tuesday added the flaw to the KEV catalog, a day after Fortinet revealed an authentication bypass CVE-2022-40684 that it patched last week was already being exploited in the wild.

Justice / police / regulation

Student jailed for hacking female classmates’ email, Snapchat accounts

On Thursday, a Puerto Rico judge sentenced a former University of Puerto Rico (UPR) student to 13 months in prison for hacking over a dozen email and Snapchat accounts of female colleagues. The defendant, Iván Santell-Velázquez (aka Slay3r_r00t), pled guilty to cyberstalking on July 13, admitting to targeting more than 100 students.

Switzerland

Cyberattack against Läderach: data published on the dark web (update)

Update of 10 October 2022: Cybercriminals have published Läderach data on the dark web. The chocolatier confirms the information reported by Inside-IT. The Bianlian ransomware gang has published on the dark web management documents, files relating to product development and future projects, budget plans, and human-resources files.

Miscellaneous

German Cybersecurity Chief Faces Sacking Over Possible Russia Ties

German Interior Minister Nancy Faeser could dismiss Arne Schoenbohm, president of the Federal Office for Information Security (BSI), due to possible contact with Russian security agents, German media reported on Sunday, October 9, 2022, citing government sources.

Cybersecurity news monitor and specialist
