Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
WhatsApp data leak: 500 million user records for sale
Original post published by Cybernews: https://cybernews.com/news/whatsapp-data-leak/ On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset allegedly contains WhatsApp user data from 84 countries. Threat actor claims there are over 32 million US user records included.
Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches
At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.
Cyberattaques / fraudes
Killnet Hits European Parliament Website with DDoS Attack
The DDoS attack took place moments after the European Parliament voted to declare the Russian government a state sponsor of terrorism.
Ransomware gang targets Belgian municipality, hits police instead
The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more.
Hackers breach energy orgs via bugs in discontinued web server
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. As cybersecurity company Recorded Future revealed in a report published in April, state-backed Chinese hacking groups (including one traced as RedEcho) targeted multiple Indian electrical grid operators, compromising an Indian national emergency response system and the subsidiary of a multinational logistics company.
Failles / vulnérabilités
Un an après la découverte de Log4j, l’extrême vulnérabilité des organisations n’ayant pas appliqué les correctifs
Sécurité : Près d’un an après la découverte de la faille Log4j, une alerte conjointe de la CISA et du FBI avertit les organisations de l’urgence à appliquer les mesures correctrices.
Les US s’inquiètent de la cybersécurité des plateformes pétrolières et de gaz offshore – Le Monde Informatique
Les infrastructures pétrolières et gazières offshore sont confrontées à des risques cybersécurité importants avec de sérieuses menaces et impacts selon le service d’audit et d’enquête du Congrès américain. Mais l’arsenal de mesures pour mieux identifier et atténuer les risques se fait encore attendre. Les infrastructures pétrolières et gazières américaines sont particulièrement exposées aux risques cybersécurité.
Google lance l’alerte : des millions de smartphones Android exposés à des failles de sécurité
L’équipe d’experts en sécurité informatique de Google, connue sous le nom » Project Zero « , a publié un billet de blog alertant sur la vulnérabilité des GPU Mali que l’on retrouve dans des millions de smartphones Android.
Microsoft warns: This forgotten open-source web server could let hackers ‘silently’ gain access to your system
Microsoft has raised an alarm about a peculiar cybersecurity threat that serves as a warning to all enterprises about open-source software (OSS) supply chain security. The Microsoft Threat Intelligence Center (MSTIC) kicked off its own investigation into an April 2022 report by security vendor Recorded Future about a « likely Chinese state-sponsored » threat actor targeting the Indian power sector for the past two years.
Justice / police / réglementation
Two Estonians arrested for running $575M crypto Ponzi scheme
Two Estonian nationals were arrested in Estonia, on Sunday, after being indicted in the U.S. for running a massive cryptocurrency Ponzi scheme that led to more than $575 million in losses. The defendants, 37-year-olds Sergei Potapenko and Ivan Turõgin, are accused of defrauding hundreds of thousands of victims together with four other co-conspirators residing in Estonia, Belarus, and Switzerland between December 2013 and August 2019.
Interpol seized $130 million from cybercriminals worldwide
INTERPOL has announced the seizure of $130,000,000 million worth of money and virtual assets linked to various cybercrimes and money laundering operations. The law enforcement operation is codenamed « HAECHI III » and lasted between June 28 and November 23, 2022, allowing INTERPOL to arrest almost a thousand suspects.
Action against criminal website that offered ‘spoofing’ services to fraudsters: 142 arrests | Europol
In a coordinated action led by the United Kingdom and supported by Europol and Eurojust, 142 suspects have been arrested, including the main administrator of the website. London’s Metropolitan Police Commissioner Sir Mark Rowley stated: The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century.
Police are sending messages to 70,000 people who may have fallen victim to phone scammers
Police are sending text messages to over 70,000 people to warn them that they’ve fallen victim to online-banking scams, and telling them how to take action. The messages are being sent by the Metropolitan Police as part of the UK’s biggest ever anti-fraud crackdown, following an international operation to shut down a cyber-criminal service.
Suisse
Les clients de Winbiz font les frais d’une cyberattaque contre l’hébergeur Infopro
Logiciel de comptabilité prisé de nombreuses petites et moyennes entreprises suisses, Winbiz en mode cloud n’est plus opérationnel depuis lundi 21 novembre. Mardi, l’éditeur suisse romand a communiqué que son hébergeur infopro.ch faisait les frais d’une cyberattaque. Précisant qu’après investigations, il apparaît que les données des clients n’ont pas été compromises.
Divers
UK urges to disconnect Chinese cameras in government buildings
Reuters reports that the British government ordered its departments to stop installing Chinese security cameras at sensitive buildings due to security risks. The Government has ordered departments to disconnect the camera from core networks and to consider removing them.
