Here is this week's monitoring report covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉
Data theft / loss
After Attacking Medical Center, Hackers Leak Patients’ Abortion Details on the Dark Web
After attacking a major healthcare provider in Australia earlier this year, cybercriminals dumped a large selection of data to the internet this week, including customers’ personal health information. The leak reportedly includes sensitive documents related to some patients’ medical procedures, including pregnancies and abortions.
Medibank won’t pay ransom as more stolen data shows up on dark web
Medibank has confirmed more customer details compromised in a recent security breach have popped up on a dark web forum, describing the illegal sale as a disgrace. The Australian health insurer is refusing to fork out any ransom payment for the data, pointing to expert advice and government guidelines.
Cyberattacks / fraud
Australia blames Russia for hosting health insurance hackers
The Australian Federal Police (AFP) has pointed to Russia as the location of the attackers who breached local health insurer Medibank, accessed almost ten million customer records, and in recent days dumped some customer data onto the dark web.
An initial access broker claims to have hacked Deutsche Bank
A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. Security researcher Dominic Alvieri was one of the first experts to report the announcement published by the initial access broker on Telegram.
Canadian supermarket chain Sobeys suffered a ransomware attack
Sobeys Inc. is the second largest supermarket chain in Canada; the company operates over 1,500 stores across Canada under a variety of banners. It is a wholly-owned subsidiary of Empire Company Limited, a Canadian business conglomerate. During the last week, grocery stores and pharmacies belonging to the company have experienced IT issues.
$1 billion of FTX customer funds have vanished, Reuters reported
Crypto exchange FTX is recommending that users delete the FTX apps and avoid using its website, a circumstance that refutes the rumors of a $600 million crypto heist. The owners of several wallets on the crypto exchange are also reporting that they have been emptied, and experts reported that FTX's APIs were not available.
The French-speaking cybergang OPERA1ER racks up victims in Africa – Le Monde Informatique
Identified in 2019 by Group-IB's threat intelligence team, the French-speaking cybergang OPERA1ER managed to extort 11 million dollars from banking, financial and telecommunications organizations in West Africa. 35 known cyberattacks were identified between 2018 and 2022.
Notorious Russian military hacking crew behind October ransomware attacks on Ukraine, Poland
Written by AJ Vicens Nov 10, 2022 | CYBERSCOOP Researchers at Microsoft said Thursday that an attack on transportation and logistics companies in Ukraine and Poland last month was the work of a notorious Russian military intelligence unit. The Oct. 11 attack – dubbed « Prestige » – attempted to cripple access to computers across the organizations it targeted.
A cyberattack blocked the trains in Denmark
A cyber attack caused the trains operated by DSB to stop in Denmark last weekend; threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo, which provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.
Flaws / vulnerabilities
Twitter Blue signups disappear a day after fakes and mayhem
Twitter users are reporting that the option to sign up for the company’s new $7.99 subscription service, Twitter Blue, has disappeared from the platform’s iOS app just days after the service launched. After we first published this story Friday morning, Platformer’s Zoe Schiffer reported that the company has suspended the launch of Twitter Blue.
Researcher received a $70k award for Google Pixel lock screen bypass
Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones, that could be exploited to unlock the devices. The Google Pixel lock screen bypass was reported by security researcher David Schütz, who was awarded $70,000 for this flaw.
Dangerous SIM-swap lockscreen bypass – update Android now!
A bug bounty hunter called David Schütz has just published a detailed report describing how he crossed swords with Google for several months over what he considered a dangerous Android security hole. According to Schütz, he stumbled on a total Android lockscreen bypass bug entirely by accident in June 2022, under real-life conditions that could easily have happened to anyone.
Justice / police / regulation
LockBit ransomware suspect arrested in Canada, faces charges in US
Written by AJ Vicens Nov 10, 2022 | CYBERSCOOP Canadian law enforcement officials arrested a dual Russian and Canadian national in October accused of participating in LockBit ransomware attacks against targets across the world, costing victims millions of dollars.
U.S. seized 18 web domains used for recruiting money mules
The FBI and U.S. Postal Inspection Service have seized eighteen web domains used to recruit money mules for work-from-home and reshipping scams. The seized websites claimed to offer jobs for a legitimate company as « quality control inspectors », with the recruits being asked to ship items from their homes or even purchase goods using their own credit cards.
Switzerland
Swissquote hit by a DDoS attack
The availability of Swissquote's platforms and services was affected yesterday, 8 November. The disruption lasted many hours. On Twitter, the bank first said it was facing an exceptional and unusual situation. Nearly a day after the disruption, Swissquote conceded, again via Twitter, that it had suffered a « massive DDoS attack ».
Miscellaneous
The Red Cross wants to create an emblem to deter cyberattackers
The International Committee of the Red Cross (ICRC) has unveiled a project to introduce a digital emblem for the Red Cross or Red Crescent. The goal is to better protect the IT infrastructure of medical facilities and Red Cross offices, the ICRC said in a press release.
Swiss Re proposes government-backed cyber insurance
As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap. Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re’s estimates.