Des cyber-attaques pour créer de vrais dangereux virus #veille (6 déc 2020)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Vous retrouverez un développement de certaines d’entre elles dans les prochains articles. Bonne lecture et belle semaine à vous !

L'essentiel Cybersécurité, IA & Tech

Rejoignez la communauté. 3 fois par semaine, recevez l'analyse des tendances par Marc Barbezat. Pas de spam, juste de l'info.

Ou suivez le flux temps réel

Vol / perte de données

Data of 243 million Brazilians exposed online via website source code
The password to access a highly sensitive Ministry of Health database was stored inside a government site’s source code.

The password to access a highly sensitive Ministry of Health database was stored inside a government site’s source code.

https://cybernews.com/security/french-pharmaceuticals-distribution-platform-leaking-1-7-tb-confidential-data/

Cayman Islands Bank Records Exposed in Open Azure Blob
An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.

Un hacker revend les données personnelles de grands directeurs sur un forum russophone
Un hacker mène une vaste opération de revente de combinaisons d’e-mails et de mots de passe de comptes Office 365 sur un forum russophone.

Cyberattaques / fraudes

Hackers Target Covid-19 Vaccine Distribution ‘Cold Chain,’ Though Motives Remain Unknown
Hackers « assumed to be state agents » have been waging a phishing campaign against pharmaceutical firms and other institutions involved in the forthcoming distribution of a vaccine against covid-19, IBM announced on Thursday.

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins
The research highlights the potential dangers of new ‘biohacking’ techniques.

Software used to design and manage synthetic DNA projects may also be susceptible to man in-the-browser attacks that can be used to inject arbitrary DNA strings into genetic orders, facilitating what the team calls an « end-to-end cyberbiological attack. »

Manchester United Cyberattack Highlights Controversy in Paying Ransomw
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: wh

North Korean hackers ramp up coronavirus vaccine targeting
An espionage shop with suspected ties to the North Korean government has been on a hacking spree targeting companies working on coronavirus vaccines.

Vancouver Metro Disrupted by Egregor Ransomware
The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.

Royal Dutch Cycling Union Disclosed Ransomware Attack
Joining the list of latest cyberattack victims, now comes a Dutch national governing body. Reportedly, the Royal Dutch Cycling Union has suffered a ransomware attack. The attackers have demanded ransom for the entity to regain

Russian hacking group uses Dropbox to store malware-stolen data
Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country.

Ransomware Attack Closes Baltimore County Public Schools (Published 2020)
The attack, first discovered late Tuesday, disrupted the district’s websites and remote learning programs, as well as its grading and email systems, officials said.

Hacker-for-hire group develops new stealthy Windows backdoor
Kaspersky researchers discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper and developed by the hacker-for-hire group DeathStalker.

Quand l’aspirateur-robot se transforme en espion
Des chercheurs en sécurité ont mis au point une attaque qui exploite le capteur lidar d’appareils connectés pour aspirer des conversations.

Failles / vulnérabilités

FBI warns of email forwarding rules being abused in recent hacks
FBI: « The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cyber security administrators. »

Android apps with 200 million installs vulnerable to security bug
Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020.

Manipulating Systems Using Remote Lasers
Many systems are vulnerable: Researchers at the time said that they were able to launch inaudible commands by shining lasers-from as far as 360 feet-at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]

Réglementaire / juridique

https://hotforsecurity.bitdefender.com/blog/italian-police-arrest-criminals-accused-of-robbing-atms-with-purpose-built-black-boxes-24776.html

Le service mail » le plus sécurisé au monde » contraint d’intégrer une backdoor pour la police
Cette histoire rappelle que seuls les messages chiffrés de bout en bout ne peuvent véritablement être à l’abri d’une surveillance.

Hacker Gets 8 Years in Prison for Threats to Schools, Airlines
A North Carolina man was sentenced to 95 months in federal prison for his involvement in multiple cyber and swatting attacks.

Divers

L’app suisse Threema, alternative à WhatsApp, jugée très sûre
L’application Threema a réussi haut la main un contrôle de cybersécurité exécuté par des experts informatiques indépendants.

Zéro paywall. Zéro pub.
DCOD reste en accès libre grâce à vos contributions. Chaque café compte.

☕ Je participe

Navigation

Les derniers articles

Faux WhatsApp sur iOS : 200 victimes d’un spyware italien alertées

Rapport OFCS : Akira s’impose comme le prédateur numéro 1 en Suisse

LinkedIn scanne secrètement 6’000+ extensions pour surveiller ses membres

IA & Cybersécurité : les 6 actus clés du 8 avr 2026

Suivez en direct

Des cyber-attaques pour créer de vrais dangereux virus #veille (6 déc 2020)

L'essentiel Cybersécurité, IA & Tech

Vol / perte de données

Data of 243 million Brazilians exposed online via website source code

Cayman Islands Bank Records Exposed in Open Azure Blob

Un hacker revend les données personnelles de grands directeurs sur un forum russophone

Cyberattaques / fraudes

Hackers Target Covid-19 Vaccine Distribution ‘Cold Chain,’ Though Motives Remain Unknown

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins

Manchester United Cyberattack Highlights Controversy in Paying Ransomw

North Korean hackers ramp up coronavirus vaccine targeting

Vancouver Metro Disrupted by Egregor Ransomware

Royal Dutch Cycling Union Disclosed Ransomware Attack

Russian hacking group uses Dropbox to store malware-stolen data

Ransomware Attack Closes Baltimore County Public Schools (Published 2020)

Hacker-for-hire group develops new stealthy Windows backdoor

Quand l’aspirateur-robot se transforme en espion

Failles / vulnérabilités

FBI warns of email forwarding rules being abused in recent hacks

Android apps with 200 million installs vulnerable to security bug

Manipulating Systems Using Remote Lasers

Réglementaire / juridique

Le service mail » le plus sécurisé au monde » contraint d’intégrer une backdoor pour la police

Hacker Gets 8 Years in Prison for Threats to Schools, Airlines

Divers

L’app suisse Threema, alternative à WhatsApp, jugée très sûre

Etiquettes

Marc Barbezat

1 commentaire

Des idées de lecture recommandées par DCOD

Navigation

Les derniers articles

Suivez en direct

L'essentiel Cybersécurité, IA & Tech

Vol / perte de données

Cyberattaques / fraudes

Failles / vulnérabilités

Réglementaire / juridique

Divers

Etiquettes

A lire également

1 commentaire

Des idées de lecture recommandées par DCOD

Un café pour DCOD ?