Here is this week’s watch report, covering the most interesting news. Some of these items will be explored further in upcoming articles. Happy reading, and thanks for the coffee 😉
Data theft / loss
Medibank Admits That All Customer Data Was Exposed
As reported by Medibank, an Australian health insurance giant, every one of its customers had their personal information accessed by ransomware actors, which happened a few days after Medibank had downplayed the aftermath of a recent breach.
Data leak at Microsoft: 65,000 customers reportedly affected
A misconfiguration of endpoint systems at Microsoft made 2.4 terabytes of customer data publicly accessible. Cybersecurity vendor SOCRadar informed the tech giant on 24 September. Microsoft says it has since fixed the error, and the data can now be accessed only with the required authentication.
Australian Clinical Labs says patient data stolen in ransomware attack
Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. ACL is an Australian healthcare company that operates 89 laboratories and performs six million tests annually, offering its services to 92 private and public hospitals across Australia.
This company pays the ransom, but the hackers leak its data anyway
Security: Ransomware victims are always advised not to give in to ransom demands, and this real-world case proves it. A victim of a ransomware attack paid to restore access to its network, but the cybercriminals did not keep their side of the bargain.
Cyberattacks / fraud
A massive cyberattack hit Slovak and Polish Parliaments
A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate. Polish authorities argued that the attack may be linked to the Senate’s vote.
Largest EU copper producer Aurubis suffers cyberattack, IT outage
German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack’s spread. Aurubis is Europe’s largest copper producer and the second largest in the world, with 6,900 employees worldwide, and produces one million tonnes of copper cathodes yearly.
Twilio discloses another security incident that took place in June
The communications company Twilio announced that it suffered another “brief security incident” on June 29, 2022. The attack was conducted by the same threat actor that in August compromised the company and gained access to customers’ and employees’ information.
Iran’s nuclear energy agency confirms email server hacked
The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach.
Norway PM warns of Russia cyber threat to oil and gas industry
Norway’s prime minister Jonas Gahr Støre warned that Russia poses “a real and serious threat” to the country’s oil and gas industry. The minister claims his country is moving slowly in adopting necessary measures to protect organizations and critical infrastructure operators in the energy sector from cyberattacks.
Wholesale giant METRO confirmed to have suffered a cyberattack
International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000 people in 681 stores worldwide, most of them in Germany; its sales reached 24.8 billion euros in 2020.
United Kingdom: Swiss woman conned out of nearly 700,000 francs online
Two scammers have been convicted in London. The main victim is a woman in her sixties who fell in love with a fake doctor. Two men have just been sentenced to prison in London for scams carried out online.
Flaws / vulnerabilities
OpenSSL warns of critical security vulnerability with upcoming patch
Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down pretty much every secure communications and networking application and device out there.
FBI warning: This ransomware group is targeting poorly protected VPN servers
The FBI and other agencies are warning of a rise in Daixin Team ransomware and data extortion attacks on healthcare providers. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) have issued a joint warning about Daixin Team activity against the healthcare and public health sector since June 2022.
Zimbra in turmoil after the discovery of further vulnerabilities – Le Monde Informatique
High and critical severity flaws have been found in Zimbra Collaboration Suite. Companies that do not have the patches are urged to assume they have been compromised and to look for any form of malicious activity. Zimbra keeps getting hit with alerts about exploited flaws.
Justice / police / regulation
British Hacker Charged for Operating “The Real Deal” Dark Web Marketplace
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy.
Student arrested for running one of Germany’s largest dark web markets
Germany’s Federal Criminal Police Office (BKA) has arrested a 22-year-old student in Bavaria, who is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW), one of the largest darknet markets in the country. The platform had already gone offline in March 2022, with 16,000 registered users, 28,000 posts, and 72 high-volume sellers of prohibited goods, including weapons and drugs.
Dutch police arrest hacker who breached healthcare software vendor
The Dutch police have arrested a 19-year-old man in western Netherlands, suspected of breaching the systems of a healthcare software vendor in the country, and stealing tens of thousands of documents.
Ukrainian charged for operating Raccoon Stealer malware service
26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. Raccoon Stealer is an information-stealing trojan distributed under the MaaS (malware-as-a-service) model that threat actors can rent for $75/week or $200/month.
Fines for massive data breaches to increase to at least $50 million after Optus and Medibank hacks
The financial penalty imposed on companies engaged in serious or repeated privacy breaches will be increased to at least $50 million.
Clearview AI image-scraping face recognition service hit with €20m fine in France
The Clearview AI saga continues! If you haven’t heard of this company before, here’s a very clear and concise recap from the French privacy regulator, CNIL (Commission Nationale de l’Informatique et des Libertés), which has very handily been publishing its findings and rulings in this long-running story in both French and English: Clearview AI collects photographs from many websites, including social media.
Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos
A former officer at Louisville Metro Police has admitted his part in a conspiracy that stalked and extorted young women online, breaking into their Snapchat accounts in order to steal their naked photos and videos. 36-year-old Bryan Wilson initially pleaded guilty in June, but more details of the plot have been released now.
Switzerland
Cyberattack in Zurich: public transport app crashes on the day tickets are free
To mark its 150th anniversary, the insurer Zurich offered a promo code on Saturday on the Zurich public transport app and website. By entering “Zurich150” when buying a ticket, users could get a free ticket. As bad luck would have it, that was the day hackers chose to attack the app en masse, as the “Tages-Anzeiger” reports.
Neuchâtel: Situation under control after the cyberattack on the educational network
After the attack on the messaging system of the Neuchâtel educational network was thwarted, all user passwords were reset as a precaution. IT security specialists have been sweating over the past few days.
Miscellaneous
Apple Launches New Security Research Hub
Apple’s work on hardening the memory allocator has made it harder for attackers to exploit certain classes of software vulnerabilities on iOS and Mac devices, the company’s security engineers wrote on a new website Apple launched to share technical details behind iOS and MacOS security technologies.
Japan officials link digital ID cards to healthcare
Japan’s plan to phase out public health insurance cards in favor of linking the services to a digital ID card could compel those who oppose the digitization to sign up. Beginning in Autumn 2024, existing photo-less national health insurance cards will no longer be accepted, officially replaced by My Number Cards.
New York Post hacked? No, the culprit is an employee
The New York Post confirmed that it was hacked; its website and Twitter account were used by the attackers to publish offensive messages targeting US politicians and a call for the assassination of US President Joe Biden. Another message on the tabloid’s account called for the assassination of New York lawmaker Alexandria Ocasio-Cortez too.