Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
Instant Checkmate, TruthFinder Data Breach: 20M Accounts Leaked
Instant Checkmate and TruthFinder have suffered a data breach, which has been confirmed by their parent company, PeopleConnect.
Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance
The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. The huge trove of data was leased by an affiliate of Anonymous’s affiliate group called Caxxii. The stolen documents contain evidence of a dragnet surveillance activity conducted by the intelligence service FSB.
Ransomware crooks steal 3m+ patients’ sensitive info
Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December.
List of Proxy IPs Exposed to Block Killnet’s DDoS Bots
Kallnet is a pro-Russian group known for targeting hospitals and other critical infrastructure in countries unfriendly to Russia.
Cyberattaques / fraudes
Reddit admits it was hacked and data stolen, says « Don’t panic »
Popular social media site Reddit – « orange Usenet with ads », as we’ve somewhat ungraciously heard it described – is the latest well-known web property to suffer a data breach in which its own source code was stolen.
Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw
The Clop ransomware group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability ( CVE-2023-0669) in Fortra’s GoAnywhere MFT secure file transfer tool, BleepingComputer reported . Fortra immediately addressed the flaw with the release of emergency security patch and urged customers to install it.
Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack
Royal Mail in the UK has reopened following a cyber attack last month that has since been identified as Lockbit, a Russia-linked ransomware gang. The gang has demanded a ransom in exchange for data stolen on January 10 and threatened to release it to the public if Royal Mail does not comply, TechCrunch reported.
Russian hackers are trying to break into ChatGPT, says Check Point
All manner of threat actors are trying to compromise OpenAI’s ChatGPT program, according to cybersecurity company Check Point Software Technologies. « At Check Point Research, we can see the Russians trying to break through the geo-regional restrictions put in place around ChatGPT, » said Pete Nicoletti, field chief information security officer for Check Point, in a small gathering of reporters Thursday during the company’s customer and partner event in New York City.
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn
North Korea is deploying ransomware in the health care sector to supplement cyber ops against the U.S. and South Korean governments, according to a joint alert released Thursday from multiple U.S. and South Korean agencies.
Failles / vulnérabilités
Toyota sealed up a backdoor to its global supplier management network
Hacker praises carmaker’s prompt response to the (mercifully) good-faith pwnage A security researcher said he hacked into Toyota’s supplier management network and was able to access sensitive data associated with around 3,000 suppliers and 14,000 users worldwide. Eaton Zveare compromised a web application used by Toyota employees and suppliers to coordinate projects, and containing details about parts, surveys, and purchases.
Justice / police / réglementation
Police hacked Exclu ‘secure’ message platform to snoop on criminals
The Dutch police announced on Friday that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations. The operation consisted of two separate investigations starting in September 2020 and April 2022, when the police also carried out 79 targeted searches in the Netherlands, Germany, and Belgium and arrested 42 people.
Finnish psychotherapy extortion suspect arrested in France
In October 2022, we asked you to imagine being stuck in the following awful situation: Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family…
U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating » Trickbot, » a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S.
Russian man pleads guilty to laundering Ryuk ransomware money
Russian citizen Denis Mihaqlovic Dubnikov pleaded guilty on Tuesday to laundering money for the notorious Ryuk ransomware group for over three years. The guilty plea comes after Dubnikov, a former crypto-exchange executive and the co-founder of crypto trading platforms Coyote Crypto and Eggchange, was arrested in Amsterdam in November 2021 and extradited to the United States in August 2022.
Suisse
Une campagne de phishing fictive pour sensibiliser 25 PME romandes à la cybersécurité
La première édition de « Trust4SMEs » s’est conclue en présence des 25 PME lémaniques qui y ont participé à ce programme d’accompagnement en cybersécurité. Focalisée sur la sensibilisation des utilisateurs, la matinée a aussi révélé les résultats d’une campagne de phishing inoffensive envoyée à quelque 2’500 employés des PME.
Attaque via VMware ESXi: des serveurs suisses touchés, un script de récupération disponible
La vague actuelle de cyberattaques visant les systèmes ESXi de VMware s’étend. Après les agences spécialisées italiennes et françaises, l’Office fédéral allemand de la sécurité informatique (BSI) fait également état de plus d’une centaines d’organisations touchées en Allemagne. > News originale du 06.02.2023: Cyberattaque massive via une faille dans l’hyperviseur ESXi de VMware La Suisse ne semble pas être épargnée.
Des cyberpirates se sont introduits dans le réseau des CFF
Les CFF ont été ciblés par une cyberattaque le weekend dernier. L’information est rapportée par Watson sur la base d’un mail adressé aux employés. Les CFF ont confirmé l’attaque au média en ligne et précisé qu’aucune donnée client n’est compromise. Les opérations ferroviaires ne sont pas impactées.
Cyberattaque contre l’Université de Zurich: des accès aux serveurs vendus sur le darkweb (update)
Des cybercriminels ont pris l’Université de Zurich pour cible. L’établissement demande à ses collaborateurs et à ses étudiants de modifier leurs mots de passe. Des données de connexion aux serveurs de l’université avaient préalablement été mises en vente sur un forum de cyberpirates.
Les entreprises devront elles aussi employer SwissID pour se connecter à La Poste
Le remplacement de la procédure de login à La Poste Suisse progresse. Le groupe avait annoncé en avril 2022 son projet d’abandonner son système « Login client Poste » au profit de la SwissID. Le changement pour les clients privés est en cours depuis l’été 2022, indique la Poste.
Divers
FBI Finds New Information About Chinese Spy Balloon
We’re learning new information about the suspected Chinese surveillance balloon that was shot down off the coast of South Carolina on Saturday. A State Department spokesperson said the balloon was able to collect communications and data via a satellite and had « multiple antennas » in addition to other equipment used « clearly for intelligence surveillance, » reported.
Australia to Rip Out 900 Chinese-Made Security Cams From Gov. Offices
The Australian Defense Department will rip out more than 900 Chinese-made security devices from government buildings over fears they could enable spying by China. Australian officials announced the move after a six-month audit revealed the flabbergasting number cameras, access control systems, and intercoms made by the Chinese companies Hikvision and Dahua in government buildings earlier this week.
Singapore officially deactivates contact tracing system, to ‘refurbish’ wearables
Singapore is officially turning off its COVID-19 contact tracing system amidst plans to further ease travel restrictions, as the country exits the « acute phase » of the pandemic. Plans also are in place to retrieve millions of Bluetooth-enabled wearables, distributed nationwide to detect and monitor user proximity, so these can be « refurbished and recycled » for future use when needed.
