Here is this week's watch report, a roundup of the most interesting news. Some of these items will be covered in more depth in upcoming articles.
Happy reading, and thanks for the coffee, because this roundup is produced with a real, non-artificial brain 😉
Someone sent mysterious smartwatches to US Military personnel
U.S. Army’s Criminal Investigation Division warns that US military personnel have reported receiving unsolicited smartwatches in the mail.
LastPass users furious after being locked out due to MFA resets
LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps.
Hackers threaten to leak 80GB of confidential data stolen from Reddit
Hackers are threatening to release confidential data stolen from Reddit unless the company withdraws its controversial API price hikes.
Hacker responsible for 2020 Twitter breach sentenced to prison
The hacker, known as PlugWalkJoe, was part of a group that broke into high-profile Twitter accounts in 2020 to spread cryptocurrency scams.
DOJ establishes cybercrime enforcement unit as U.S. warnings mount over Chinese hacking
Assistant Attorney General for National Security Matt Olsen said the center will speed up disruption campaigns and prosecutions.
BlackCat gang threatens to leak plastic surgery photos
Sharing a cancer patient’s nude snaps earlier wasn’t enough for these scumbags
Data Breach at New BreachForums: 4,000 members’ data leaked
BreachForums is a recently resurfaced alternative to the popular but now defunct Breach Forums, which was seized by RaidForums.
Military Satellite Access Sold on Russian Hacker Forum for $15,000
A hacker active on a Russian hacker forum has posted an ad offering access for sale to a military satellite operated by Maxar Technologies.
Chinese Espionage Malware Targets European Healthcare via USB Drives
The malware campaign has been attributed to the Chinese APT group Mustang Panda, also known as Camaro Dragon.
3CX data exposed, third-party to blame
A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed sensitive 3CX data.
More than a million GitHub repositories potentially vulnerable to RepoJacking
Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking.
Reddit hackers threaten to leak data stolen in February breach
The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.
American Airlines, Southwest Airlines disclose data breaches affecting pilots
American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals.
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
Over 100,000 OpenAI ChatGPT account credentials have been compromised and sold on the dark web. Cybercriminals are targeting the valuable information.
Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor
Flea, a Chinese state-sponsored actor, strikes foreign affairs ministries and more with the powerful Graphican backdoor.
Schneider Power Meter Vulnerability Opens Door to Power Outages
A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.
CISA, FBI Offer $10M for Cl0p Ransomware Gang Information
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
Under construction: The world’s leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking
Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.
Reddit hackers demand $4.5 million ransom and API pricing changes
Ransomware group BlackCat is claiming responsibility for a Reddit hack earlier this year. They demanded money and changes to Reddit’s controversial API policy in exchange for not leaking the stolen data.