Un hold-up de 150 Mios $ et le code de Windows XP dans la nature #veille (27 sept. 2020)

Offrez un café pour soutenir cette veille indépendante.

📚 Lecture conseillée : Cybersécurité : tests d’intrusion des systèmes d’informations web: Le guide des vulnérabilités web — 📘 Voir sur Amazon

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

Vol / perte de données

Windows XP source code leaked online, on 4chan, out of all places
Source code for several operating systems, including Windows XP and Windows Server 2003, leaked in 42.9 torrent file.

Biélorussie : des hackers diffusent les informations personnelles de 1.000 policiers
Alors que le pouvoir s’enfonce dans une réponse de plus en plus autoritaire en s’en prenant violemment aux manifestants pacifiques des hackers organisent une contre-attaque à base de publication de données personnelles.

India’s COVID-19 surveillance tool exposed millions of user data
The COVID-19 surveillance tool built by the Uttar Pradesh state government has put data of approx. 8 million Indian citizens at risk.

Details of 540,000 sports referees taken in failed ransomware attack
ArbiterSports said it paid the hackers to delete the stolen data – a database backup.

Louis Vuitton fixes data leak and account takeover vulnerability
French fashion and luxury merchandise company Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets.

Strava app shows your info to nearby users unless this setting is disabled
Popular running and cycling app Strava exposes information on nearby strangers which has sparked privacy concerns among its users. Some fear this functionality can be abused for stalking and « predatory » motives.

U.S. fitness chains suffer data breach affecting 600K customers
New York fitness chain Town Sports has suffered a data breach after a database containing the personal information of over 600,000 people was exposed on the Internet.

Cyber-attaques / fraudes

KuCoin cryptocurrency exchange hacked for $150 million
KuCoin said an intruder drained all its hot wallets today.

https://www.zdnet.com/article/cisa-says-a-hacker-breached-a-federal-agency/#ftag=RSSbaffb68

Covid-19: Des hackers chinois volent des données liées à la recherche vaccinale espagnole
Une campagne de cyberattaques cible des laboratoires espagnols travaillant sur un vaccin contre le Covid-19. Des données médicales ont été…-Cybersécurité

Government software provider Tyler Technologies hit by ransomware
Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations.

Ray-Ban owner Luxottica confirms ransomware attack, work disrupted
Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China.

Russian hackers use fake NATO training docs to breach govt networks
Russian cyber espionage group known by names, Fancy Bear and APT28 has been behind a targeted attack campaign aimed at government bodies. The group delivers a hard-to-detect strand of Zebrocy Delphi malware under the pretense of providing NATO training materials.

Ukraine National Police website down after hacker intrusion
The cyberattack on the Ukraine National Police website carried out around 11:45 Wednesday, 23 September 2020 (EEST).

Fatal Hospital Hack Linked to Russia
German hospital cyber-attack that contributed to a woman’s death linked to Russian ransomware

Le cheval de Troie bancaire » Alien « , nouveau cauchemar des utilisateurs Android
Né sur les cendres de Cerberus, ce nouveau malware cible plus de 200 applications bancaires sur les smartphones des utilisateurs européens, y compris français.

Failles / vulnérabilités

US govt orders federal agencies to patch dangerous Zerologon bug by Monday
DHS CISA tells government agencies to patch Zerologon bug by Monday, citing « unacceptable risk » posed to federal networks.

Twitter is warning devs that API keys and tokens may have leaked
Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache.

Hackers sell access to your network via remote management apps
Remote monitoring and management (RMM) software is starting to get attention from hackers as this type of tools provides access to multiple machines across the network.

Réglementaire / juridique

Dark web : un vaste coup de filet conduit à l’arrestation de 179 dealers
Les forces de police américaines se sont unies à Europol dans le cadre de cette opération dénommée DisrupTor.

Arrested: ‘4 most active hackers’ involved in SIM Swap, malware attacks
Hackers across Poland are on the run as Polish police have launched a countrywide crackdown in collaboration with Europol.

Student Arrested Over Cyber-attacks on Indiana Schools
13-year-old student arrested for allegedly hacking into Indiana school system

German investigators treating ransomware attack as negligent homicide, reports say
If confirmed, it would be the first documented case of a death stemming from a cyberattack, analysts say.

Cinq ans de prison pour un hacker qui avait piraté une célèbre clinique de chirurgie esthétique
Lors de son procès, l’homme a éclaté en sanglots et promis qu’il ne toucherait plus jamais un ordinateur.

Polish police shut down major group of hackers in the country
Polish police dismantled a major hacker group that was behind several criminal activities, including ransomware attacks, and banking fraud.

Divers

German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher Gmbh. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) – including activists, journalists, and dissidents with the use of FinSpy in many countries, including Bahrain, Ethiopia, UAE, and more.

Internet Crime Complaint Center (IC3) | Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness of the potential threat posed by attempts to spread disinformation regarding the results of the 2020 elections.

💡 Ne manquez plus l'essentiel
Recevez les analyses et tendances cybersécurité directement dans votre boîte mail.

💡 Note : Certaines images ou extraits présents dans cet article proviennent de sources externes citées à des fins d’illustration ou de veille. Ce site est indépendant et à but non lucratif. 👉 En savoir plus sur notre cadre d’utilisation.

Vous appréciez ces analyses ?
Soutenez DCOD en offrant un café ☕

💡 Ne manquez plus l’essentiel

Les derniers articles

Toutes les catégories

Un hold-up de 150 Mios $ et le code de Windows XP dans la nature #veille (27 sept. 2020)

Vol / perte de données

Cyber-attaques / fraudes

Failles / vulnérabilités

Réglementaire / juridique

Divers

Etiquettes

1 commentaire

Des idées de lecture cybersécurité