
Cybersecurity news roundup | 18 Dec 2022

Here is this week's monitoring report, a tour of the most interesting news items. Some of them will be developed further in upcoming articles. Enjoy the read, and thanks for the coffee 😉

Data theft / data loss

Hacker Halts Sale of FBI’s High-Profile InfraGard Database

The InfraGard database containing the personal details of 87,000 members was initially being sold for $50,000 on a cybercrime and hacking forum.

Payment Giant Exposed 9 Million Credit Card Transaction Records

The trove of personal and credit card data was left exposed on a misconfigured server without any security authentication.

Data of 5.7M Gemini users available for sale on hacking forums

Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. The company pointed out that its systems were not impacted. « Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor.

Uber suffers new data breach after attack on vendor, info leaked online

Update below: Uber shared further information with BleepingComputer on how its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company. Added statement from TripActions, who said their data was not exposed.

Twitter confirms recent user data leak is from 2021 breach

Twitter confirmed today that the recent leak of millions of members’ profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022.

Hackers Breach TPG Telecoms’ Email Host to Steal Client Data

TPG Telecom claims that the hackers seemed to be searching for the customers’ cryptocurrency and financial information.

Cyberattacks / fraud

CISA researchers: Russia’s Fancy Bear infiltrated US satellite network

Written by Christian Vasquez, Dec 16, 2022 | CyberScoop. Researchers at the Cybersecurity and Infrastructure Security Agency recently discovered suspected Russian hackers lurking inside a U.S. satellite network, raising fresh concerns about Moscow's intentions to infiltrate and disrupt the rapidly expanding space economy.

Chinese MirrorFace APT group targets Japanese political entities

ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking APT group tracked as MirrorFace. The researchers track the campaign as Operation LiberalFace; it was aimed at Japanese political entities, especially members of a specific political party.

LockBit claims attack on California’s Department of Finance

The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. An investigation has been started by the California Cybersecurity Integration Center (Cal-CSIC), a group of state and federal agencies dedicated to protecting against cyber threats.

Play ransomware claims attack on Belgian city of Antwerp

The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgian city of Antwerp. Last week, Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services.

Colombian energy supplier EPM hit by BlackCat ransomware attack

Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company’s operations and taking down online services. EPM is one of Colombia’s largest public energy, water, and gas providers, providing services to 123 municipalities.

Flaws / vulnerabilities

Lego’s BrickLink service narrowly avoids catastrophic API exploit

Salt Labs, the research arm of API specialist Salt Security, has revealed that it identified a pair of application programming interface (API) security vulnerabilities in Lego's BrickLink digital resale platform. The vulnerabilities have now been fixed. Boasting over a million members, BrickLink is currently in its busy season as shoppers scramble to buy second-hand Lego sets before Christmas.

Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about v

These hackers used Microsoft-signed malicious drivers to further their ransomware attacks

Security firms have reported that multiple hacking groups have been using drivers signed by Microsoft in a series of attacks, including the deployment of Cuba ransomware. That development matters because many security products implicitly trust anything signed by Microsoft. During this month's Patch Tuesday, Microsoft acknowledged reports by SentinelOne, Google-owned Mandiant, and Sophos about threat actors using a driver certified through Microsoft's Windows Hardware Developer Program to deploy various malware.
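The practical question this item raises for defenders is which kernel drivers on a host are trusted only because Microsoft's hardware program co-signed them. The following PowerShell snippet is an added example written for this roundup, not code from the article or from any of the vendors cited; the function name Get-WhcpSignedDrivers is the editor's own, and it assumes an elevated PowerShell 5.1+ session on a Windows host. It reads the primary embedded Authenticode signature of each running driver, flags those whose signer is the Windows Hardware Compatibility Publisher certificate, and hashes them so they can be compared against vendor advisories or your own driver allowlist.

```powershell
# Added example (not from the original article): enumerate running kernel drivers
# and report which ones are trusted because Microsoft's WHCP certificate signed them.
# Assumption: elevated PowerShell 5.1+ on Windows; Get-WhcpSignedDrivers is a hypothetical name.

function Get-WhcpSignedDrivers {
    # Subject of the certificate Microsoft uses to sign drivers submitted to the
    # Windows Hardware Developer Program (the full subject continues after the CN).
    $whcpSubject = 'CN=Microsoft Windows Hardware Compatibility Publisher'

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise NT-style paths (\??\C:\..., \SystemRoot\...) to Win32 paths.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }

            # Only the primary embedded signature is inspected; catalog-signed inbox
            # drivers show up with Status 'Valid' and a Microsoft Windows signer.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                Name       = $_.Name
                Path       = $path
                Status     = $sig.Status
                Signer     = $subject
                WhcpSigned = $subject -like "$whcpSubject*"
            }
        }
}

# Drivers in this list load because Microsoft's signature is on them, not because the
# submitting vendor was vetted. Hash each one so it can be checked against advisories
# and against the allowlist your endpoint security relies on.
Get-WhcpSignedDrivers |
    Where-Object { $_.WhcpSigned } |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
        $_ | Add-Member -NotePropertyName Sha256 -NotePropertyValue $hash -PassThru
    } |
    Format-Table Name, Status, Sha256, Path -AutoSize
```

A valid WHCP signature says nothing about the driver's intent, which is precisely the point of the reports above; treat the output as the set of third-party code your kernel trusts on Microsoft's word alone, and review any entry you cannot tie to hardware actually present on the machine.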

Justice / law enforcement / regulation

Global crackdown against DDoS services shuts down most popular platforms | Europol

Known as Operation Power Off, this operation saw law enforcement in the United States, the United Kingdom, the Netherlands, Poland and Germany take action against these types of attacks, which can paralyse the internet. The services seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines.

8 charged with conspiracy to commit securities fraud

Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission (SEC) and Department of Justice (DoJ), who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in « fraudulent profits. »

Prosecutors charge six, seize 48 domains over DDoS-for-hire services

The Department of Justice (DoJ) has been authorized to seize 48 internet domains and has laid criminal charges against six individuals who allegedly ran distributed denial of service (DDoS) or « booter » or « stresser » services from the US. The FBI is seizing the 48 domains that facilitated DDoS attacks for paying customers against targeted computers.

Former Twitter employee sentenced for spying on behalf of Saudi Arabia

From his desk at Twitter, he passed the personal details of authors of messages hostile to the monarchy on to the Saudi authorities. On 14 December, Ahmad Abouammo was sentenced to three and a half years in prison by a federal judge of the San Francisco court.

Woman gets 66 months in prison for role in $3.3 million ID fraud op

The Australian Federal Police (AFP) have announced today that a 24-year-old woman from Melbourne, arrested in 2019 for her role in large-scale, cyber-enabled identity theft crimes, was sentenced to five years and six months in prison. The woman pleaded guilty to her crimes on November 26, 2021.

The EU launches the adequacy process for transatlantic data protection rules

The question of the US Cloud Act must be clarified, given the uncertainty created by the invalidation of Safe Harbor and then of the Privacy Shield. The matter is moving forward. A new agreement between the United States and the EU on transatlantic data exchange has recently been put on track.

Switzerland

Data stolen from Infopro is the subject of a ransom demand

On 21 November, a cyberattack targeted Infopro, the company hosting the Winbiz management software, paralysing the accounting processes of thousands of businesses in French-speaking Switzerland. At the time, Infopro stated that it "could not rule out a data leak". According to the Bern police, Infopro's fears have been confirmed and hosted data is currently the subject of a ransom demand.

Switzerland takes part in OECD discussions on digital economy policy

Biel/Bienne, 15.12.2022 – At the ministerial meeting of the OECD Committee on Digital Economy Policy (CDEP), representatives of some fifty governments, including Switzerland, as well as of business and civil society discussed topics such as artificial intelligence, data governance, the future of connectivity, cybersecurity and human rights in the digital age.

Miscellaneous

Microsoft: customer data confined to the EU from 1 January 2023 – Le Monde Informatique

In the works for many months, Microsoft's EU Data Boundary plan, which allows companies to store and process their customer data within the European Union, is scheduled for 1 January 2023. Services such as Azure, Power BI, Dynamics 365 and Office 365 are covered.

Microsoft bans cryptocurrency mining on Azure – Le Monde Informatique

Following changes to the licence terms for its online services, Microsoft no longer allows cryptomining on Azure without prior agreement from the vendor. Microsoft is taking a big step back on cryptocurrency.

Google introduces end-to-end encryption for Gmail on the web

Google announced on Friday that it’s adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.

Monitoring analyst and cybersecurity specialist
