L’hebdo des cyber-menaces (23 mai 2021)

Offrez un café pour soutenir cette veille indépendante.

📚💡️idée de lecture : Sécurité informatique - Ethical Hacking — 📘 Voir sur Amazon

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et Merci pour le café !

Vol / perte de données

Indonesia ‘s government confirms social security data breach for some citizens
Indonesia launched an investigation into a possible incident that caused the leak of social security data for more than 270 million citizens

Data of 100+ million Android users exposed via misconfigured cloud services
Security researchers discovered that personal data of more than 100 million Android users has been exposed due to various misconfigurations of cloud services.

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
India’s flag carrier airline, Air India, suffers data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after.

Les données personnelles de 8 000 employés de Decathlon exposées (MAJ) – Le Monde Informatique
Données personnelles : Une enquête menée par VPNmentor montre que des données incluant noms, mails, photos et jetons d’authentification de près de 8 000 employés de…

Cyberattaques / fraudes

DarkSide ransomware made $90 million in just nine months
The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months to multiple Bitcoin wallets.

https://grahamcluley.com/cyberinsurance-giant-axa-hit-by-ransomware-attack-after-saying-it-would-stop-covering-ransom-payments/

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern
The new SolarWinds timeline places the earliest activity at around eight months earlier than previously disclosed.

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline

FBI: Conti ransomware attacked 16 US healthcare, first responder orgs
The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen US healthcare and first responder organizations.

Florida water treatment plant was involved in second security incident before poisoning attempt: report
Cybersecurity company Dragos released a report this week showing a browser from the city of Oldsmar visited a website with malicious code the same day as another attack.

Irish officials analyze decryption tool as long recovery process from ransomware continues
FireEye is involved in the incident response, a spokesperson said.

New Zealand hospitals infected by ransomware, cancel some surgeries
Intrusion believed to have entered through email

Failles / vulnérabilités

DarkSide affiliates claim gang’s bitcoin deposit on hacker forum
Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum.

Justice / police / réglementation

IC3 Logs 6 Million Complaints | Federal Bureau of Investigation
A record-setting pace of reports to the FBI’s Internet Crime Complaint Center shows how pervasive cyber-enabled crimes and scams have become.

Irish High Court issues injunction to prevent HSE data leak
The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published.

Divers / Suisse

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps
New Report Explains How Apple Gave Chinese Government Access to iCloud Data and Censors Apps

La plateforme Mesvaccins.ch ne sera pas réactivée
Le site web Mesvaccins.ch, fermé fin mars sur ordre du Préposé fédéral à la protection des données, ne sera pas remis en ligne. La plateforme reste insuffisamment protégée contre les menaces de sécurité.

💡 Ne manquez plus l'essentiel
Recevez les analyses et tendances cybersécurité directement dans votre boîte mail.

💡 Note : Certaines images ou extraits présents dans cet article proviennent de sources externes citées à des fins d’illustration ou de veille. Ce site est indépendant et à but non lucratif. 👉 En savoir plus sur notre cadre d’utilisation.

Vous appréciez ces analyses ?
Soutenez DCOD en offrant un café ☕

💡 Ne manquez plus l’essentiel

Les derniers articles

WhatsApp : faille zero-click critique sur iOS et macOS corrigée

Les 10 directives essentielles pour renforcer sa cybersécurité en 2025

Proton déplace ses serveurs face aux lois suisses

Reconnaissance faciale: 4,7 millions de Britanniques scannés

Google victime d’une cyberattaque ciblant Salesforce

Toutes les catégories

L’hebdo des cyber-menaces (23 mai 2021)

Vol / perte de données

Data of 100+ million Android users exposed via misconfigured cloud services

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

Les données personnelles de 8 000 employés de Decathlon exposées (MAJ) – Le Monde Informatique

Cyberattaques / fraudes

DarkSide ransomware made $90 million in just nine months

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

FBI: Conti ransomware attacked 16 US healthcare, first responder orgs

Florida water treatment plant was involved in second security incident before poisoning attempt: report

Irish officials analyze decryption tool as long recovery process from ransomware continues

New Zealand hospitals infected by ransomware, cancel some surgeries

Failles / vulnérabilités

DarkSide affiliates claim gang’s bitcoin deposit on hacker forum

Justice / police / réglementation

IC3 Logs 6 Million Complaints | Federal Bureau of Investigation

Irish High Court issues injunction to prevent HSE data leak

Divers / Suisse

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

La plateforme Mesvaccins.ch ne sera pas réactivée

Etiquettes

Marc Barbezat

Des idées de lecture cybersécurité

WhatsApp : faille zero-click critique sur iOS et macOS corrigée

Les 10 directives essentielles pour renforcer sa cybersécurité en 2025

Proton déplace ses serveurs face aux lois suisses

Reconnaissance faciale: 4,7 millions de Britanniques scannés

Google victime d’une cyberattaque ciblant Salesforce