Here is this week's monitoring report, covering the most interesting news. Some of these items will be developed further in upcoming articles. Enjoy the read, and thanks for the coffee 😉
Data theft / loss
LastPass hacked, customer data affected – Le Monde Informatique
In early December, the password management specialist suffered a security incident linked to the first, involving customer data, and confirms that its users' data was affected. This comes a few months after a previous data breach.
400 million Twitter subscriber records reportedly for sale – Le Monde Informatique
A hacker claims to have obtained the personal information of 400 million Twitter subscribers and is trying to sell it, notably to Elon Musk. He provided a sample of 1,000 accounts, including public figures and organizations.
Russian Killnet Hackers Claim Data Theft of FBI Agents
On Telegram, Killnet hackers have leaked a text file showing the login credentials of 10,000 individuals whom they claim are FBI agents.
Over 67,000 DraftKings Betting Accounts Hit by Hackers
New details about a hack from last month show that tens of thousands of users happily gambling away on DraftKings may have had their personal information stolen thanks to account info purchased off the sports gambling site. In a letter dated Dec.
‘We were allowed to be slaughtered’: calls by Russian forces intercepted
Out on the frontline, near the eastern Ukrainian city of Lyman, on 8 November at 15.10, a Russian serviceman called Andrey decided to ignore the orders of his superiors and call his mother with an unauthorised mobile phone. "No one feeds us anything, mum," he complained. "Our supply is shit, to be honest.
TikTok explains why the app spied on journalists
TikTok admits to having spied on two journalists using data collected by the app. To flush out a mole within the company, several employees went too far by organizing a tracking operation. ByteDance, TikTok's parent company, reveals a new personal data leak.
US military biometric capture devices loaded with data were sold on eBay
Old US military equipment being sold on eBay contained what appears to be biometric data from troops, known terrorists, and people who may have worked with American forces in Afghanistan and other countries in the Middle East, according to a report from The New York Times.
Cyberattacks / fraud
Ransomware attack at Louisiana hospital impacts 270,000 patients
The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting almost 270,000 people who have received care at one of its medical centers. LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women’s hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured citizens.
BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies
BitKeep, a decentralized multi-chain crypto wallet, has confirmed a cyberattack that led to the distribution of fraudulent versions of its Android app
Industrial group ThyssenKrupp hit by a cyberattack again – Le Monde Informatique
German industrial giant ThyssenKrupp is regularly targeted by cyberattacks. Asked by AFP, a spokesperson for the group says that no data has been stolen or modified at this stage. Some companies have long since stopped wondering whether they will be targeted by hackers.
Russian hackers attempted to breach petroleum refining company in NATO country, researchers say
A Russian-linked hacking group attempted to infiltrate a petroleum refining company in a NATO member state in late August, according to a report by Palo Alto’s Unit 42. The attempted intrusion, which appears to have been unsuccessful, occurred on Aug.
Internet Crime Complaint Center (IC3) | Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information. Cyber criminals purchase advertisements that appear within internet search results using a domain that is similar to an actual business or service.
The UK’s Guardian newspaper hit by ransomware attack
UK broadsheet media outlet The Guardian has become the victim of a ransomware attack which seems to have taken out a large chunk of office-based systems. Journalists at the center-left newspaper have continued to work from home and publish on its website, but according to the publication’s own output, it has been hit by "a serious IT incident, which is believed to be a ransomware attack."
North Korea reportedly behind the theft of $1.2 billion in crypto assets
North Korea is known to be, along with Russia, among the main countries behind cyberattacks. South Korean intelligence services put figures to this claim last week. North Korean hackers have reportedly stolen $1.2 billion in cryptocurrencies and other digital assets since 2017, including $626 million in 2022 alone, the AP news agency reports.
Flaws / vulnerabilities
Linux admins have a CVSS 10 kernel bug to address
In brief Merry Christmas, Linux systems administrators: here’s a kernel vulnerability with a CVSS score of 10 potentially in your SMB server. It can be exploited to achieve unauthenticated user remote code execution. Yes, this sounds bad, and a severity score of 10 out of 10 isn’t reassuring at all.
Justice / police / regulation
Facebook pays $725M to settle the Cambridge Analytica case – Le Monde Informatique
After paying a record $5B fine to the FTC in 2019 over the exploitation and violation of tens of millions of profiles on its social network via Cambridge Analytica, Facebook is paying $725M to settle a class action and put an end to the lawsuits.
‘Russian hackers’ help two New York men game JFK taxi system
A pair of men living in New York, working with unnamed Russian nationals, hacked and manipulated the electronic taxis dispatch system at John F. Kennedy International Airport as part of a money-making scheme over a period of at least two years, federal prosecutors said Tuesday.
Albanian IT staff charged with negligence over cyberattack
TIRANA, Albania (AP) – Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.
Microsoft fined €60M for using advertising cookies without consent
France’s privacy watchdog fines €60 million Microsoft’s Ireland subsidiary for using advertising cookies without the explicit consent of its customers. The practice violated the European data protection law. The CNIL received a complaint relating to the conditions for the deposit of cookies on "bing.com," and investigated the issue in September 2020 and May 2021.
T-Mobile hacker gets 10 years for $25 million phone unlock scheme
Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile’s internal systems. Between August 2014 and June 2019, the 44-year-old man behind the scheme, who was also ordered to pay $28,473,535 in restitution, "cleaned" hundreds of thousands of cellphones for his "customers."
Massive Twitter data leak investigated by EU privacy watchdog
The Irish Data Protection Commission (DPC) has launched an inquiry following last month’s news reports of a massive Twitter data leak. This leak affected over 5.4 million Twitter users and included both public information scraped from the site as well as private phone numbers and email addresses.
Switzerland
Following a hack, the bank details of Adecco temporary workers were stolen
Temporary staffing giant Adecco has been the victim of a hack. The personal data of many temporary workers was siphoned off by a mysterious hacker, who then managed to steal money directly from his victims' bank accounts. Adecco, the Swiss temporary staffing group, is warning some of its temporary workers.
Miscellaneous
Cyber attacks set to become ‘uninsurable’, says Zurich chief
The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become "uninsurable" as the disruption from hacks continues to grow. (This content was published on December 26, 2022.) Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage.
Vice Society ransomware gang switches to new custom encryptor
The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305. According to cybersecurity firm SentinelOne, which discovered the new strain and named it "PolyVice," it’s likely that Vice Society sourced it from a vendor who supplies similar tools to other ransomware groups.
Hacked Ring Cams Used to Record Swatting Victims
Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them – falsely reporting a violent incident at the target’s address to trick local police into responding with force.
ChatGPT can create a cyberattack
Researchers at Check Point have demonstrated that it is relatively easy to create a complete execution flow using ChatGPT, from drafting the phishing e-mail to writing the code that downloads and executes a malicious file when an Excel document is opened.