Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !
Vol / perte de données
Microsoft exposed 250 million customer support records | WeLiveSecurity
Over 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration.
Mitsubishi Electric discloses data breach, possible data leak – Help Net Security
Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach and that PI and corporate information may have been leaked.
Buchbinder Car Renter Exposes Info of Over 3 Million Customers
German car rental company Buchbinder exposed the personal information of over 3.1 million customers including federal ministry employees, diplomats, and celebrities, all of it stored within a ten terabytes MSSQL backup database left unsecured on the Internet.
UPS Says Phishing Incident Might Have Exposed Some Customers’ Data
The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers.
Cyber-attaques / fraudes
UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone
Digital forensic evidence points to the phone’s massive, months-long data egress having likely been triggered by Pegasus mobile spyware.
Opinion | Jeff Bezos’ Phone Hack Should Terrify Everyone (Published 2020)
Those with the most to lose don’t always safeguard their privacy very well. You can do better.
Greek Government websites hit by DDoS attacks, it’s the second time
Greek government said that a cyber attack hit the official state websites of the prime minister, the national police and fire service and several ministries
City of Potsdam Servers Offline Following Cyberattack
The City of Potsdam severed the administration servers’ Internet connection following an attack that took place earlier this week. Emergency services including the city’s fire department fully operational and payments are not affected.
Suspected Iranian hacking campaign targets European energy companies
Researchers at Recorded Future have linked trojan malware intrusions and espionage to a state-backed hacking operation working out of Iran.
Hackers target unpatched Citrix servers to deploy ransomware
REvil ransomware gang has been spotted abusing Citrix bug to infect victims.
Ransomware Payments Doubled While Downtime Grew in Q4
Coveware data highlights pervasive threat from online extortion
Failles / vulnérabilités
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks
Mozilla’s security staff is cracking down on malicious Firefox add-ons.
US Issues Cybersecurity Warnings Over Flawed Medical Devices
US warns that GE CARESCAPE, ApexPro, and Clinical Information Center systems are exploitable
Réglementaire / juridique
Judge forces insurer to help small business to clean up after a crippling ransomware attack
The ruling adds some clarity to the otherwise murky world of cyber-related insurance claims.
New York state wants to ban government agencies from paying ransomware demands
Another NY Senate bill would create a cyber security enhancement fund and restricting the use of taxpayer moneys in paying ransoms
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
Interpol and Indonesian National Police have arrested 3 Credit Card hackers linked to Magecart attacks.
Russian Pleads Guilty to Running Online Criminal Marketplace
Aleksei Burkov admits selling stolen credit card credentials via the website Cardplanet
US Journalist Denounced for Alleged Involvement with Brazilian Criminal Organization
Brazilian prosecutors accuse US journalist Glenn Greenwald of involvement with a phone-hacking gang
L’espion et le gendarme qui aimaient un peu trop le dark Web
En septembre 2018, on apprenait dans la presse l’arrestation de Haurus, un agent de la DGSI soupçonné d’avoir monnayé ses services sur la place de marché illégale Black Hand. L’enquête vient de s’achever, selon le Parisien qui révèle également qu’une enquête est en cours sur un ancien gendarme pour des faits similaires.
Divers
Lancement officiel de la Swiss Digital Initiative au WEF 2020
La SDI, présidée par Doris Leuthard, a présenté à Davos son premier projet, le développement d’un label de confiance numérique.
Half a Million IoT Device Passwords Published
It’s a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) « smart » devices.
Le Préposé fédéral à la protection des données s’inquiète des dérives de Clearview
Avec la médiatisation de l’application Clearview, qui siphonne les données des utilisateurs des réseaux sociaux pour mettre un nom sur un visage en quelques secondes, le préposé fédéral à la protection des données a émis ses recommandations pour la Suisse.
💡 Ne manquez plus l'essentiel
Recevez les analyses et tendances cybersécurité directement dans votre boîte mail.
Offrez un café pour soutenir cette veille indépendante
☕ Je soutiens DCOD
Vous appréciez nos analyses ?
Soutenez DCOD en offrant un café ☕
1 commentaire
Commentaires désactivés.