Here is this week's monitoring report, rounding up the most interesting news. Some of these items will be developed in upcoming articles. Enjoy the read, and thanks for the coffee 😉
Data theft / loss
Stolen data of 600,000 Indians sold on bot markets so far – study
Around five million people globally have had their data stolen and sold on the bot market till date, of which 600,000 are from India, making it the worst affected country, according to one of the world’s largest VPN service providers NordVPN.
Sensitive data from Zurich's judicial authorities ends up in the drug scene
For several years, sensitive data from Zurich's criminal prosecution authorities ended up in the drug scene. The source of the leak was the disposal of used computers whose hard drives had not been properly wiped.
Cyberattacks / fraud
FBI warning: This ransomware gang has hit over 100 targets and made more than $60 million
A prolific ransomware gang has hit over 100 organizations around the world and claimed over $60 million in ransom payments, a security warning from CISA and the FBI has warned. The newly-released joint cybersecurity advisory warns there’s been a sharp increase in both the number of organizations targeted by the Cuba ransomware group and the ransom amounts being demanded.
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient."
French hospital cancels operations after ransomware attack
France’s health ministry announced that the Hospital Centre of Versailles was hit by a cyber attack over the weekend. Hospital Centre of Versailles, which includes Andre-Mignot Hospital, Richaud Hospital and the Despagne Retirement Home, canceled operations and transferred some patients due to the cyberattack.
Russia’s second-largest bank VTB Bank under DDoS attack
State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. The pro-Ukraine collective IT Army of Ukraine has claimed responsibility for the DDoS attacks against the bank. In November the group of hacktivists announced the offensive on its Telegram channel.
Largest mobile malware marketplace identified by Resecurity in the Dark Web
"In the Box" dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries. Resecurity, the California-based cybersecurity company protecting major Fortune 500 companies, has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators.
Flaws / vulnerabilities
Samsung’s Android app-signing key has leaked, is being used to sign malware
A developer’s cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you’re installing.
Antivirus and EDR solutions tricked into acting as data wipers
A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers.
Hacking cars remotely with just their VIN
Your car’s mobile app might have allowed hackers to remotely unlock your vehicle, turn on or off its engine, and even honk its horn. Those are the findings of Sam Curry, a security researcher and bug bounty hunter, who explored vulnerabilities that could affect Hyundai, Genesis, Nissan, Infiniti, Honda, and Acura vehicles, amongst others.
Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th. During this hacking competition, 26 teams and security researchers have targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration.
Justice / police / regulation
Police Dismantle SIM Swapping Gang in Spain
The Spanish National Police successfully arrested a SIM swapping gang known as the "Black Panthers", making 55 arrests in Barcelona.
Australia arrests ‘Pig Butchering’ suspects for stealing $100 million
The Australian Federal Police (AFP) have arrested four suspected members of a financial investment scam syndicate estimated to have stolen $100 million from victims worldwide. All four arrested individuals are Chinese nationals living in Sydney. The AFP began investigating them following tips from the United States Secret Service (USSS).
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
A Florida man who was part of a cybercrime gang who went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000. The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using a trick known in the trade as SIM swapping, also known as number porting.
2 469 money mules arrested in worldwide crackdown against money laundering | Europol
During an operational phase carried out between mid-September to the end of November 2022, 8 755 money mules were identified alongside 222 money mule recruiters, and 2 469 individuals were arrested worldwide. Now in its eighth edition, the European Money Mule Action (EMMA8) has gone international, with actions carried out in countries as far apart as Colombia, Singapore and Australia.
Switzerland
Swiss app Threema changes its encryption technology
Threema is renewing its encryption technology. The Swiss instant messaging service has announced the introduction of the cryptographic communication protocol "Ibex". According to Threema, it adds an additional level of "Perfect Forward Secrecy" to the end-to-end encryption layer. With this technology, a new key is generated for each message.
Proton VPN: the Swiss virtual private network reaches the whole EU | Silicon
Proton VPN, a cross-platform virtual private network service, now has servers in every country of the European Union. The Swiss company Proton is extending the coverage of its Proton VPN offering. This high-speed, cross-platform virtual private network service is developed by the Swiss company Proton Technologies AG and its teams, who come from CERN and MIT.
Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks
The Swiss government has asked Parliament to amend the Information Security Act to make it mandatory for critical infrastructure providers to report cyber-attacks to the National Cyber Security Centre (NCSC). The move would be aimed at shedding light on hackers and sounding the alarm more widely on cyber-threats in the country.
Miscellaneous
Apple will encrypt iCloud backups, addressing longstanding criticism
Written by Tonya Riley Dec 7, 2022 | CYBERSCOOP Apple will introduce end-to-end encryption for iCloud backups, resolving longstanding criticism over the absence of the safeguard for a key way users store data. The "Advanced Data Protection" mode will be available for all iCloud data including backups, photos and notes, the company announced Wednesday.
Cyber scammers are scamming each other, and revealing dark web secrets along the way
Cyber criminals are losing millions of dollars to other cyber criminals after themselves falling victim to scams on dark web forums. And the way they’re publicly complaining about it could help uncover the secrets of the whole underground economy.
Cyber-insurance: the obligation to file a complaint within 72 hours will arrive as of March 2023
By the first half of 2023, victims of cyberattacks will have to file a complaint within 72 hours if they want to benefit from insurance coverage. Included in the Lopmi bill, which was passed by the National Assembly on Wednesday and will be validated by the Senate next week, this new constraint is irritating some businesses.