Here is this week's monitoring report, rounding up the most interesting news. Some of these items will be developed in upcoming articles. Happy reading, and thanks for the coffee 😉
Data theft / loss
Hacker Halts Sale of FBI’s High-Profile InfraGard Database
The InfraGard database containing the personal details of 87,000 members was initially being sold for $50,000 on a cybercrime and hacking forum.
Payment Giant Exposed 9 Million Credit Card Transaction Records
The trove of personal and credit card data was left exposed on a misconfigured server without any security authentication.
Data of 5.7M Gemini users available for sale on hacking forums
Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. The company pointed out that its systems were not impacted. « Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor.
Uber suffers new data breach after attack on vendor, info leaked online
Update below: Uber shared further information with BleepingComputer on how its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company. Added statement from TripActions, who said their data was not exposed.
Twitter confirms recent user data leak is from 2021 breach
Twitter confirmed today that the recent leak of millions of members’ profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022.
Hackers Breach TPG Telecoms’ Email Host to Steal Client Data
TPG Telecom claims that the hackers seemed to be searching for the customers’ cryptocurrency and financial information.
Cyberattacks / fraud
CISA researchers: Russia’s Fancy Bear infiltrated US satellite network
Written by Christian Vasquez Dec 16, 2022 | CYBERSCOOP Researchers at the Cybersecurity and Infrastructure Security Agency recently discovered suspected Russian hackers lurking inside a U.S. satellite network, raising fresh concerns about Moscow’s intentions to infiltrate and disrupt the rapidly expanding space economy.
Chinese MirrorFace APT group targets Japanese political entities
ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking APT group tracked as MirrorFace. The researchers track the campaign as Operation LiberalFace; it targeted Japanese political entities, especially members of a specific political party.
LockBit claims attack on California’s Department of Finance
The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. An investigation has been started by the California Cybersecurity Integration Center (Cal-CSIC), a group of state and federal agencies dedicated to protecting against cyber threats.
Play ransomware claims attack on Belgian city of Antwerp
The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgian city of Antwerp. Last week, Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services.

Colombian energy supplier EPM hit by BlackCat ransomware attack
Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company’s operations and taking down online services. EPM is one of Colombia’s largest public energy, water, and gas providers, providing services to 123 municipalities.
Flaws / vulnerabilities
Lego’s BrickLink service narrowly avoids catastrophic API exploit
Salt Labs, the research arm of API specialist Salt Security, has revealed it identified a pair of application programming interface (API) security vulnerabilities in Lego's BrickLink digital resale platform. The vulnerabilities have now been fixed. Boasting over a million members, BrickLink is currently experiencing its busy season as shoppers scramble to buy second-hand Lego sets before Christmas.
Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities
Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about v
These hackers used Microsoft-signed malicious drivers to further their ransomware attacks
Security firms have reported that multiple hacking groups have been using drivers signed by Microsoft in a series of attacks, including the deployment of Cuba ransomware. That development matters because many security products implicitly trust anything signed by Microsoft. During this month's Patch Tuesday, Microsoft acknowledged reports by SentinelOne, Google-owned Mandiant, and Sophos about threat actors using drivers certified through Microsoft's Windows Hardware Developer Program to deploy various malware.
Justice / law enforcement / regulation
Global crackdown against DDoS services shuts down most popular platforms | Europol
Known as Operation Power Off, this operation saw law enforcement in the United States, the United Kingdom, the Netherlands, Poland and Germany take action against these types of attacks which can paralyse the internet. The services seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines.
8 charged with conspiracy to commit securities fraud
Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission (SEC) and Department of Justice (DoJ), who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in « fraudulent profits. »
Prosecutors charge six, seize 48 domains over DDoS-for-hire services
The Department of Justice (DoJ) has been authorized to seize 48 internet domains and has laid criminal charges against six individuals who allegedly ran distributed denial of service (DDoS) or « booter » or « stresser » services from the US. The FBI is seizing the 48 domains that facilitated DDoS attacks for paying customers against targeted computers.
Former Twitter employee sentenced for spying on behalf of Saudi Arabia
From his desk at Twitter, he passed to the Saudi authorities the personal details of the authors of messages hostile to the monarchy. Ahmad Abouammo was sentenced on December 14 to three and a half years in prison by a federal judge of the San Francisco court.

Woman gets 66 months in prison for role in $3.3 million ID fraud op
The Australian Federal Police (AFP) have announced today that a 24-year-old woman from Melbourne, arrested in 2019 for her role in large-scale, cyber-enabled identity theft crimes, was sentenced to five years and six months in prison. The woman pleaded guilty to her crimes on November 26, 2021.
The EU launches the adequacy process for transatlantic data protection rules
The question of the US Cloud Act needs to be clarified, given the uncertainty created by the invalidation of Safe Harbor and then of Privacy Shield. The matter is progressing: a new agreement between the United States and the EU on transatlantic data transfers has recently been put on track.
Switzerland
Data stolen from Infopro is the subject of a ransom demand
On November 21, a cyberattack targeted Infopro, the hosting provider of the Winbiz management software, paralyzing the accounting processes of thousands of companies in French-speaking Switzerland. At the time, Infopro stated that it "could not rule out a data leak". According to the Bern police, Infopro's fears have been confirmed and hosted data is currently the subject of a ransom demand.
Switzerland takes part in the OECD discussions on digital economy policy
Biel/Bienne, 15.12.2022 – At the ministerial meeting of the OECD Committee on Digital Economy Policy (CDEP), representatives of some fifty governments, including Switzerland, as well as of business and civil society, discussed topics such as artificial intelligence, data governance, the future of connectivity, cybersecurity and human rights in the digital age.
Miscellaneous
Microsoft: customer data confined to the EU as of January 1, 2023 – Le Monde Informatique
In the pipeline for many months, Microsoft's EU Data Boundary plan, which lets companies store and process their customer data within the European Union, is scheduled for January 1, 2023. Services such as Azure, Power BI, Dynamics 365 and Office 365 are covered.
Microsoft bans cryptocurrency mining on Azure – Le Monde Informatique
Following changes to the licensing terms of its online services, Microsoft no longer allows cryptomining on Azure, except with prior agreement from the vendor. Microsoft is taking a big step back on cryptocurrency.
Google introduces end-to-end encryption for Gmail on the web
Google announced on Friday that it’s adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.
Marc Barbezat
Threat monitoring analyst and cybersecurity specialist