Here is the weekly watch report, with direct links to the most interesting news items from the past week. Some of them will be covered in more depth in upcoming articles.

For information, this roundup is prepared with a real, non-artificial brain, so enjoy the read and thank you for supporting Le Décodeur!

This week's selected news

Software Vendor Attack Slows Down 2 UK Ambulance Services A cyberattack against a Swedish software and services vendor has reportedly severed access to digital health records for at least two National Health Service

Russia Sends Cybersecurity CEO to Jail for 14 Years The Russian government today handed down a treason conviction and 14-year prison sentence on Ilya Sachkov, the former founder and CEO of one of Russia’s largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden from public view, and he joins a growing roster of former Russian cybercrime fighters who are now serving hard time for farcical treason convictions.

North Korean Hackers Bag Another $100m in Crypto Heists Two new breaches traced back to prolific Lazarus group

12 Norwegian Ministries Impacted in ICT Platform Hack Unknown hackers attacked a dozen Norwegian government ministries through a zero day vulnerability present in a shared digital platform, the Oslo government

Latest MOVEit Data Breach Victim Tally: 455 Organizations More details about victims of the Clop crime group’s zero-day attacks on users of the widely used MOVEit file transfer software continue to come to light.

Zero-Day Vulnerabilities Discovered in Global Emergency Services Communications Protocol Weak encryption algorithms leave radio communications open to attack and abuse.

Over 19 Million Password Logs Sold on the Dark Web and Telegram The exponential growth of info stealers has become a significant threat to all organizations, chatGPT, and increased cybercrime.

NATO investigates alleged data theft by SiegedSec hackers NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec.

SEC now requires companies to disclose cyberattacks in 4 days The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents.

BreachForums database and private chats for sale in hacker data breach While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned.

After WormGPT, cybercriminals release FraudGPT – Le Monde Informatique Security: Generative AI continues to find its place in the cybercriminal arsenal. After WormGPT, researchers have uncovered another tool of the same…

Connected Devices: To protect everyone from unwanted Bluetooth tracking on Android, Google now offers unknown tracker alerts as well as…

SEC: Public companies must report cyberattacks within four days | Engadget In a move to prevent public companies from delaying news about cyberattacks, the US Securities and Exchange Commission has set a four-day deadline to disclose “material cybersecurity incidents.”

Hackers exploit Citrix zero-day to target US critical infrastructure | TechCrunch Thousands of organizations could be at risk from a Citrix zero-day that hackers have already abused to target U.S. critical infrastructure.

North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch Mandiant security researchers say the North Korean hackers behind the JumpCloud breach mistakenly exposed their real-world IP addresses.

Thales enters app security market with $3.6B Imperva acquisition | TechCrunch French aerospace and defence group Thales is procuring cybersecurity company Imperva from Thoma Bravo in a deal worth $3.6 billion.

Ivanti rushes to patch zero-day used to breach Norway’s government | TechCrunch Hackers exploited a previously undiscovered flaw in Ivanti’s MDM software to compromise a dozen Norwegian government agencies.

US government contractor says MOVEit hackers accessed health data of ‘at least’ 8 million individuals | TechCrunch Maximus, a U.S. government services company, says MOVEit hackers accessed the personal information of as many as 11 million individuals

Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch Activision said it brought the 2009-released game offline while it investigates “an issue.”