News for LeDécodeur

The cybersecurity weekly | 5 March 2023

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Enjoy your reading, and thanks for the coffee 😉

Data theft / loss

BidenCash market leaks over 2 million stolen credit cards for free

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. Rather than keeping it under wraps, the threat actors advertised this massive leak on an underground cybercrime forum for more extensive reach and to attract as much attention as possible.

Ransomware gang leaks data stolen from City of Oakland

The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack. The initial data leak consists of a 10GB multi-part RAR archive allegedly containing confidential documents, employee information, passports, and IDs. “Private and personal confidential data, financial information.

Hackers steal gun owners’ data from firearm auction website

Data was taken from the website GunAuction.com, a site that since 1998 has allowed people to put guns up for auction online.

PayPal Sued Over Data Breach that Impacted 35,000 users

In December 2022, PayPal announced a data breach, but it claimed that the login credentials used in the attack were not obtained from its network.

Polish Politician’s Phone Patrolled by Pegasus

Polish special services reportedly used the infamous Pegasus mobile spyware to monitor the phone of a mayor backing government opposition, according to a new report.

Cyberattacks / fraud

US Marshals Ransomware Hit Is ‘Major’ Incident

Unknown attackers made off with a raft of PII, the Justice Department says – but witnesses in the protection program are still safe. The US Marshals Service (USMS), which is tasked with hunting down fugitives and administering the Witness Security Program, was hit with a “major” ransomware incident and data breach in mid-February, officials said.

LastPass DevOps Engineer Targeted for Cloud Decryption Keys

The threat actors who broke into password management firm LastPass’s development environment last August used information gathered from that incident for a follow-on attack, the company confirmed. The cyberattackers were able to access and exfiltrate data from an encrypted cloud storage service housing a backup of LastPass customer and vault data.

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester | CISA

From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity.

FBI and CISA warn of increasing Royal ransomware attack risks

CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education. This follows an advisory issued by the Department of Health and Human Services (HHS), whose security team revealed in December 2022 that the ransomware operation had been linked to multiple attacks against U.S.

Lille city hall hit by a cyberattack

The city hall of Lille (Nord) announced on Wednesday 1 March that it had been the victim of a cyberattack. “All public services are being maintained, at the Hôtel de Ville, in the district town halls and across all our facilities, operating in an adapted mode,” the City wrote in a statement.

Dish admitted that recent outage was caused by a ransomware

Satellite TV giant Dish Network finally admitted that the recent outage was caused by a ransomware attack. The American satellite broadcast provider went offline on February 24, 2023; the outage impacted Dish.com, the Dish Anywhere app, and many other services owned by the company.

Flaws / vulnerabilities

Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption

The nonprofit responsible for the Signal messenger app is prepared to exit the UK if the country requires providers of encrypted communications to alter their products to ensure user messages are free of material that’s harmful to children.

Serious API security flaws now fixed in Booking.com could affect many more websites

Salt Security, the API security company, has released new threat research from Salt Labs highlighting several critical security flaws in Booking.com. The now remediated flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilised by Booking.com, which had the potential to affect any users logging into the site through their Facebook accounts.

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Justice / police / regulation

Dutch police arrest three cyberextortion suspects who allegedly earned millions

Dutch police announced late last week that they’d arrested three young men, aged between 18 and 21, suspected of cybercrimes involving breaking in, stealing data, and then demanding hush money. The charges include: computer intrusion, data theft, extortion, blackmail, and money laundering.

Switzerland: An online drug hypermarket dismantled

After months of investigation, the Bern police shut down a major drug trade that generated millions of francs.

Australian woman arrested for email bombing a government office

The Australian Federal Police arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member of Parliament. Email bombing is an online attack where attackers bombard an email address with thousands of emails to overwhelm a recipient’s inbox or mail server.

Switzerland

Russia puts the Swiss app Threema on its blacklist

Russian government agencies are no longer allowed to use a whole list of foreign communication apps, warns the Russian internet watchdog Roskomnadzor. The Swiss app Threema is affected, alongside about ten others including Teams, Discord, Telegram and WhatsApp.

Cybersecurity: humanitarian NGOs supported by a centre founded in Geneva

Humanitarian NGOs will be able to get support on cybersecurity. The Humanitarian Cybersecurity Center (HCC) is being launched in Geneva. Created by the Cyberpeace Institute, founded in 2019, this centre aims to offer assistance tailored to these organisations internationally, the statement says.

42 launches an Institute of Applied Cyber Defence

Ecole 42 Lausanne plans to develop an Institute of Applied Cybersecurity. Also open to students from other schools, the structure aims to develop talent in the field and to build links with companies that struggle to find specialists.

Miscellaneous

Canada is going to ban TikTok on government mobile devices

Canada is going to ban the popular Chinese video-sharing app TikTok from the mobile devices of its employees over security concerns. The app will be removed from government devices this week. The app “presents an unacceptable level of risk to privacy and security,” explained Canada’s chief information officer.

White House releases an ambitious National Cybersecurity Strategy

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations.

After the United States, the European Parliament in turn bans TikTok for its staff

Following the US federal agencies, the European Parliament announced on Tuesday that it had in turn decided to ban TikTok on its employees' work phones for security reasons. The ban also applies to those employees' personal mobile devices on which access to Parliament email and other network access is installed, a European official said.
