Actus pour LeDécodeu

L’hebdo cybersécurité | 8 janv 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Vol / perte de données

Les données de 257 millions d’utilisateurs de Deezer mises en ligne

Un cybercriminel a publié sur le darknet, fin décembre 2022, des données personnelles de 257 millions d’utilisateurs de Deezer. Il a pu les collecter dès 2019 en raison d’une erreur d’un partenaire de la plateforme de streaming. L’incident a été rendu public en novembre 2022.

200 Million Twitter Users’ Data Is for Sale on the Dark Web for $2

It turns out that Twitter-a company currently enduring more than one major headache-has a pretty bad data breach on its hands. It could impact hundreds of millions of users and lead to major security issues for the platform but, despite its severity, it’s been easy to miss amidst the flood of other and controversies plaguing the social media giant.

Slack’s private GitHub code repositories stolen over holidays

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022.

Does Volvo Cars suffer a new data breach?

French cybersecurity Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly stolen from Volvo Cars on a popular hacking forum. A member of the forum, who goes online with the moniker IntelBroker, announced on December 31, 2022, that VOLVO CARS fell victim to ransomware attack.

Hive Ransomware leaked 550 GB stolen from Consulate Health Care

Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. The Hive ransomware gang this week added the company to its Tor leak site, threatening to publish the stolen data. The gang states that the attack took place on December 3rd, 2022 and the attack was disclosed on January 6, 2023.

Air France and KLM notify customers of account hacks

Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards.

14 UK schools suffer cyberattack, highly confidential documents leaked

More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That’s according to a report from the BBC which claimed that children’s SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries.

Ransomware gang cloned victim’s website to leak stolen data

The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim’s site to publish stolen data on it. It appears that ALPHV, also known as BlackCat ransomware, is known for testing new extortion tactics as a way to pressure and shame their victims into paying.

Cyberattaques / fraudes

Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware

Cybercriminals Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware

Après le piratage de  » Charlie Hebdo « , un hackeur au profil flou et une étrange campagne sur les réseaux sociaux

Qui se cache derrière le piratage de Charlie Hebdo ? Après l’attaque informatique qui a visé l’hebdomadaire, mercredi 4 janvier, de nombreuses zones d’ombre subsistent. Une enquête a été ouverte jeudi des chefs d’accès et maintien frauduleux dans un système de traitement automatisé de données.

Lockbit apologized for the attack on SickKids pediatric hospital and releases a free decryptor

The LockBit ransomware gang formally apologized for the attack on the Hospital for Sick Children (SickKids) and has released a free decryptor for the Hospital. The group is known to have a role for its affiliated that prohibits attacking healthcare organizations. Its policy forbids to encrypt systems of organizations where damage could lead to the death of individuals.

No Title

No Description

Canadian mining firm shuts down mill after ransomware attack

The Canadian Copper Mountain Mining Corporation (CMMC) in British Columbia has announced that it was the target of a ransomware attack that impacted its operations. CMMC, partly owned by Mitsubishi Materials Corporation, is an 18,000-acre claim that produces an average of 100 million pounds of copper per year and has an estimated mineral reserve capacity for another 32 years.

Lockbit ransomware gang claims to have hacked the Port of Lisbon

The Port of Lisbon is the third-largest port in Portugal and one of the main European ports due to its strategic location. The website of the port was hit by a cyber attack on December 25, in response to the security breach the administrators shut down it.

No Title

No Description

Un logiciel espion israélien vise les caméras de sécurité

Le quotidien israélien Hareetz a consacré, le 26 décembre 2022, un article à la société Toka, spécialisée dans la prise de contrôle de caméras de sécurité. L’entreprise israélienne, fondée en 2018, est dirigée par un ancien chef de la cybersécurité nationale et un ancien premier ministre, Ehud Barak.

Ransomware decryption tool: Victims of MegaCortex can now unlock their files for free

Victims of MegaCortex ransomware attacks can now decrypt their files without giving into the ransom demands of cyber criminals, thanks to a free decryption tool that’s been released following collaboration between cybersecurity researchers and police. The MegaCortex ransomware decryptor was built by cybersecurity analysts at Bitdefender in cooperation with Europol, the No More Ransom Project, the Zürich Public Prosecutor’s Office, and the Zürich Cantonal Police.

Saint Gheorghe Recovery Hospital in Romania hit with ransomware

The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical operations. The hospital is not able to report the services performed in December 2022 and for this reason, it cannot receive payment for the medical services provided.

French-speaking cybercriminals continue attacks on African banks

Written by AJ Vicens Jan 5, 2023 | CYBERSCOOP A cybercrime group believed responsible for a series of thefts targeting African banks continued its attacks on financial institutions on the continent well into 2022, according new research from Symantec.

Failles / vulnérabilités

Cyber criminals Exploiting OpenAI’s ChatGPT to Deploy Malware

Hackers are using ChatGPT to develop powerful hacking tools and create new chatbots designed to mimic young girls to lure targets.

Hackers abuse Windows error reporting tool to deploy malware

Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system’s memory using a DLL sideloading technique. The use of this Windows executable is to stealthy infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable.

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month

South African threat actors known as ‘Automated Libra’ has been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining. According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, follow a more aggressive use of CPU resources for mining, and mixe ‘freejacking’ with the « Play and Run » technique to abuse free cloud resources.

Cryptominage: des pirates abusent des comptes gratuits de développement cloud – Le Monde Informatique

Plus de 130 000 comptes ont été créés auprès de fournisseurs de solutions de développement cloud incluant GitHub, Heroku et Togglebox par le cybergang Automated Libra de façon industrielle. Objectif : réaliser du cryptominage à grande échelle Prévues pour les tests les offres gratuites des fournisseurs de développement cloud peuvent avoir une face plus sombre.

Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices.

Log4Shell restera une menace importante en 2023 – Le Monde Informatique

Il est probable que la vulnérabilité Log4Shell continuera à être exploitée, car les entreprises manquent de visibilité sur leur chaîne d’approvisionnement logicielle. Un an après l’application de correctifs, et malgré l’attention dont elle a bénéficié, la vulnérabilité critique Log4Shell, qui a touché des millions d’applications d’entreprise, demeure une cause fréquente de failles de sécurité, et elle devrait rester une cible privilégiée pendant un certain temps encore.

Justice / police / réglementation

European regulators fine Meta over $400 million for targeted ad program

Written by Tonya Riley Jan 4, 2023 | CYBERSCOOP Irish regulators fined Meta 390 million euros, or roughly $414 million, Wednesday for allegedly forcing users into its targeted advertising program in violation of Europe’s landmark privacy law.

Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking

Google has agreed to pay $29.5 million to settle lawsuits brought by Indiana and Washington, D.C. over its « deceptive » location tracking practices.



La police criminelle investit le Métavers

En octobre 2022, l’Agence européenne de police criminelle (Europol) et l’Organisation internationale de police criminelle (Interpol) ont chacune publié leur propre rapport sur le Métavers. La raison ? Elles souhaitent investir ce monde virtuel pour l’expérimenter afin de mieux comprendre les manières dont il peut être régulé et utilisé par la police.

Ukraine shuts down fraudulent call center claiming 18,000 victims

A group of imposters operating out of a Ukrainian call center defrauded thousands of victims while pretending to be IT security employees at their banks. They contacted the victims, claimed that their bank accounts had been accessed by attackers, and requested financial information claiming it was needed to prevent fraud but, instead, emptied their bank accounts.

un petit clic pour ma veille
un super clic pour la maintenance du blog

Veilleur et spécialiste en cybersécurité

Comments are closed.

S'incrire à la newsletter

Inscrivez-vous et recevez la synthèse des nouveaux articles directement dans votre boîte aux lettres.

Merci pour votre inscription !

Un erreur s'est produite. Merci d'essayer à nouveau ou utiliser le formulaire disponible dans la barre latérale du site.

Send this to a friend