
Cybersecurity news roundup | 30 Oct 2022

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉


Data theft / loss

Medibank Admits That All Customer Data Was Exposed

As reported by Medibank, an Australian health insurance giant, every one of its customers had their personal information accessed by ransomware actors, which happened a few days after Medibank had downplayed the aftermath of a recent breach.

Data leak at Microsoft: 65,000 customers reportedly affected

A configuration error in endpoint systems at Microsoft made 2.4 terabytes of customer data publicly accessible. Cybersecurity vendor SOCRadar informed the tech giant on 24 September. Microsoft says it has since corrected the error and that the data can now only be accessed with the required authentication.

Australian Clinical Labs says patient data stolen in ransomware attack

Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. ACL is an Australian healthcare company that operates 89 laboratories and performs six million tests annually, offering its services to 92 private and public hospitals across Australia.

Hackers stole sensitive data from Iran’s atomic energy agency – Security Affairs

Iran’s atomic energy agency revealed on Sunday that a nation-state actor had access to a subsidiary’s network and free access to its email system, the Associated Press reports.

167,000 stolen credit card numbers Exposed via PoS Malware

Researchers have shared details of how two pieces of PoS malware were used to steal over 167,000 payment records from over 200 hacked devices.

This company pays the ransom, but the attackers leak its data anyway

Security: Ransomware victims are always advised not to give in to ransom demands, and this real-world case proves it. A victim of a ransomware attack paid to restore access to its network, but the cybercriminals did not keep their side of the bargain.

Cyberattacks / fraud

A massive cyberattack hit Slovak and Polish Parliaments

A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. "The attack was multi-directional, including from inside the Russian Federation," reads a statement published by the Polish Senate. Polish authorities argued that the attack may be linked to the Senate’s vote.

Largest EU copper producer Aurubis suffers cyberattack, IT outage

German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack’s spread. Aurubis is Europe’s largest copper producer and the second largest in the world, with 6,900 employees worldwide, and produces one million tonnes of copper cathodes yearly.

Twilio discloses another security incident that took place in June

The communications company Twilio announced that it suffered another "brief security incident" on June 29, 2022. The attack was conducted by the same threat actor that in August compromised the company and gained access to customers’ and employees’ information.

Iran’s nuclear energy agency confirms email server hacked

The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach.

Norway PM warns of Russia cyber threat to oil and gas industry

Norway’s prime minister Jonas Gahr Støre warned that Russia poses "a real and serious threat" to the country’s oil and gas industry. The minister claims his country is going slow in adopting necessary measures to protect organizations and critical infrastructure operators in the energy sector from cyberattacks.

Wholesale giant METRO confirmed to have suffered a cyberattack

International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000 people in 681 stores worldwide, most of them in Germany; its sales reached 24.8 billion euros in 2020.

United Kingdom: Swiss woman swindled out of nearly 700,000 francs online

Two scammers have been convicted in London. The main victim is a woman in her sixties who fell in love with a fake doctor. Two men have just been sentenced to prison in London for scams carried out online. They defrauded several women and one man.

Flaws / vulnerabilities

OpenSSL warns of critical security vulnerability with upcoming patch

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down pretty much every secure communications and networking application and device out there.

FBI warning: This ransomware group is targeting poorly protected VPN servers

The FBI and other agencies are warning of a rise in Daixin Team ransomware and data extortion attacks on healthcare providers. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) have issued a joint warning about Daixin Team activity against the healthcare and public health sector since June 2022.

Zimbra in turmoil after the discovery of further vulnerabilities – Le Monde Informatique

High- and critical-severity flaws have been found in Zimbra Collaboration Suite. Organizations that do not have the patches are urged to assume they have been compromised and to look for any form of malicious activity. Zimbra keeps facing alerts about exploited flaws.

Justice / police / regulation

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

U.S. government has charged a 34-year-old British hacker with running a dark web marketplace called The Real Deal that sold hacking tools and stolen c

Student arrested for running one of Germany’s largest dark web markets

Germany’s Federal Criminal Police Office (BKA) has arrested a 22-year-old student in Bavaria, who is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW), one of the largest darknet markets in the country. The platform had already gone offline in March 2022, with 16,000 registered users, 28,000 posts, and 72 high-volume sellers of prohibited goods, including weapons and drugs.

Dutch police arrest hacker who breached healthcare software vendor

The Dutch police have arrested a 19-year-old man in western Netherlands, suspected of breaching the systems of a healthcare software vendor in the country, and stealing tens of thousands of documents.

Ukrainian charged for operating Raccoon Stealer malware service

26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. Raccoon Stealer is an information-stealing trojan distributed under the MaaS (malware-as-a-service) model that threat actors can rent for $75/week or $200/month.

Fines for massive data breaches to increase to at least $50 million after Optus and Medibank hacks

The financial penalty imposed on companies engaged in serious or repeated privacy breaches will be increased to at least $50 million.

Clearview AI image-scraping face recognition service hit with €20m fine in France

The Clearview AI saga continues! If you haven’t heard of this company before, here’s a very clear and concise recap from the French privacy regulator, CNIL (Commission Nationale de l’Informatique et des Libertés), which has very handily been publishing its findings and rulings in this long-running story in both French and English: Clearview AI collects photographs from many websites, including social media.

Ex-cop abused police tool in Snapchat sextortion plot that stole sexually explicit photos and videos

A former officer at Louisville Metro Police has admitted his part in a conspiracy that stalked and extorted young women online, breaking into their Snapchat accounts in order to steal their naked photos and videos. 36-year-old Bryan Wilson initially pleaded guilty in June, but more details of the plot have been released now.

Switzerland

Cyberattack in Zurich: public transport app crashes on the day tickets are free

A promotional offer was partly thwarted on Saturday because of hackers. Only those who planned ahead were able to take advantage of it. To mark its 150th anniversary, the insurer Zurich was offering a promo code on Saturday on the app and website of Zurich's public transport.

Neuchâtel: Situation under control after the cyberattack on the educational network

After the repelled attack on the messaging system of the Neuchâtel educational network, all user passwords were reset as a precaution. IT security specialists have been sweating over the past few days.

Meet the startups selected for season 4 of Tech4Trust – Trust Valley

We are delighted to announce that 26 startups have been selected for the 4th edition of the Tech4Trust acceleration program, whose mission is to develop the future of digital trust and cybersecurity. Starting today, these 26 startups will begin an intense 6-month journey designed to improve their business, prepare their future and accelerate their growth.

Miscellaneous

Apple Launches New Security Research Hub

Apple’s work on hardening the memory allocator has made it harder for attackers to exploit certain classes of software vulnerabilities on iOS and Mac devices, the company’s security engineers wrote on a new website Apple launched to share technical details behind iOS and MacOS security technologies.

Japan officials link digital ID cards to healthcare

Japan’s plan to phase out public health insurance cards in favor of linking the services to a digital ID card could compel those who oppose the digitization to sign up. Beginning in Autumn 2024, existing photo-less national health insurance cards will no longer be accepted, officially replaced by My Number Cards.

New York Post hacked? No, the culprit is an employee

New York Post confirmed that it was hacked. Its website and Twitter account were used by the attackers to publish offensive messages targeting US politicians and a call for the assassination of US President Joe Biden. Another message on the tabloid’s account called for the assassination of New York lawmaker Alexandria Ocasio-Cortez too.

Cybersecurity watcher and specialist
