Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
BidenCash market leaks over 2 million stolen credit cards for free
A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.
Ransomware gang leaks data stolen from City of Oakland
The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack.
Hackers steal gun owners’ data from firearm auction website
Data was taken from the website GunAuction.com, a site that since 1998 allows people to put guns for auction online.
PayPal Sued Over Data Breach that Impacted 35,000 users
In December 2022, PayPal announced a data breach, but it claimed that the login credentials used in the attack were not obtained from its network.
Polish Politician’s Phone Patrolled by Pegasus
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware.
Cyberattaques / fraudes
US Marshals Ransomware Hit Is ‘Major’ Incident
Unknown attackers made off with a raft of PII, the Justice Department says – but witnesses in the protection program are still safe.
LastPass DevOps Engineer Targeted for Cloud Decryption Keys
The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says.
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester | CISA
From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity.
FBI and CISA warn of increasing Royal ransomware attack risks
CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education.
Frappée par une cyberattaque, la mairie de Lille a reçu une demande de rançon
Quatre agents municipaux ont reçu une demande de rançon. Plusieurs services publics sont perturbés depuis deux…-Cybersécurité
Dish admitted that recent outage was caused by a ransomware
Satellite TV giant Dish Network has confirmed that the recent outage was caused by a ransomware attack, it also disclosed a data breach.
Failles / vulnérabilités
Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption
The UK’s Safety Online Bill would require Signal to police user messages.
Serious API security flaws now fixed in Booking.com could affect many more websites
Salt Security, the API security company, has released new threat research from Salt Labs highlighting several critical security flaws in Booking.com. The now re
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.
Justice / police / réglementation
Dutch police arrest three cyberextortion suspects who allegedly earned millions
Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?
Suisse: Un hypermarché de la drogue en ligne démantelé
Après des mois d’enquête, la police bernoise a stoppé un important commerce de drogue qui a généré des millions de francs.
Australian woman arrested for email bombing a government office
The Australian Federal Police arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member of Parliament.
Suisse
La Russie met l’app suisse Threema sur sa liste noire
Comme WhatsApp et Microsoft Teams, l’app suisse Threema est sur la liste noire du gendarme russe d’internet. Par crainte d’espionnage, les agences gouvernementales russes ne sont plus autorisées à s’en servir.
Cybersécurité: les ONG humanitaires aidées par un centre fondé à Genève
Basé à Genève, le Cyberpeace Institute annonce la création d’un centre de cybersécurité venant en aide aux ONG du secteur humanitaire. Un réseau d’experts bénévoles est impliqué.
42 lance un Institut de cyberdéfense appliquée
Ecole 42 Lausanne compte développer un Institut de cybersécurtié appliquée. Ouverte également aux étudiants d’autres écoles, la structure a pour objectif de développer les talents du domaine et d’établir des liens avec les entreprises qui peinent à trouver des spécialistes.
Divers
Canada is going to ban TikTok on government mobile devices
The Canadian government announced it will ban the video app TikTok from all government-issued devices over security concerns.
White House releases an ambitious National Cybersecurity Strategy
The Biden administration’s National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.
Après les Etats-Unis, le Parlement européen interdit à son tour TikTok à son personnel
Après les agences fédérales américaines, le Parlement européen a annoncé mardi qu’il avait à son tour décidé d’interdire TikTok sur les téléphones professionnels de ses employés pour des raisons de sécurité.
1 commentaire
Commentaires désactivés.