Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et Merci pour le café !
Vol / perte de données
Over a billion records belonging to CVS Health exposed online
The exposure is another example of misconfiguration that can impact security.
Alibaba suffers billion-item data leak of usernames and mobile numbers
Shopping service Taobao scraped by affiliate marketer; developer and boss jailed
Poland blames Russia for breach, theft of Polish officials’ emails
Poland’s deputy prime minister Jarosław Kaczyński says last week’s breach of multiple Polish officials’ private email accounts was carried out from servers within the Russian Federation.
Audi, Volkswagen customer data being sold on a hacking forum
Audi and Volkswagen customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container.
Nintendo Says Another 140,000 Accounts May Have Been Exposed
Back in April, Nintendo confirmed that approximately 160,000 users had their accounts hacked. At the time, the company encouraged people to enable two-factor authentication and emailed individual customers who had been affected that it was resetting their Nintendo Network IDs (NNID). Now, after further investigation,…
Cyberattaques / fraudes
Biden says he gave Putin list of 16 sectors that should be off-limits to hacking
The bilateral meeting came weeks after two disruptive ransomware attacks.
A Genève, Biden et Poutine ont ouvert le dialogue sur les cyberattaques étatiques
Ce 16 juin à Genève, le sommet diplomatique entre Joe Biden et Vladimir Poutine a été l’occasion pour les deux présidents d’aborder les cyberattaques dont s’accusent mutuellement les deux pays. Ils ont convenu d’ouvrir des consultations sur ces questions.
Russian actors had access to Dutch police computer network during MH17 probe
Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report.
Criminals are mailing altered Ledger devices to steal cryptocurrency
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.
Failles / vulnérabilités
N Korean hackers used VPN flaws to breach S Korean atomic agency
It is reported that the organization was targeted by hackers in May, due to which Pyongyang might have acquired valuable technologies.
Les communications des premiers téléphones mobiles étaient volontairement exposées
Une porte dérobée semble avoir été implémentée dans leur chiffrement. Un article scientifique récemment publié, puis repéré par Motherboard, fait l’effet d’une bombe dans le milieu du chiffrement. Des chercheurs estiment que, non seulement la technologie qu’utilisaient les…
Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents
The research shows the limits of the cyber industry’s knowledge of Tehran-linked hacking against those who often bear the brunt of it.
Peloton Bike+ vulnerability allowed complete takeover of devices
A vulnerability in the Peloton Bike+fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone.
Three UK telco bug has customers receiving and making random calls
Customers of the Three UK telco company are panicking as they receive a series of random phone calls due to an ongoing issue. Likewise, outbound calls from customers are being routed to random strangers.
Justice / police / réglementation
Police Bust Major Ransomware Gang Cl0p
Police in Ukraine announced it arrested members of the ransomware gang that called itself Cl0p, seizing computers and cash in a major international operation.
Ukrainian Police Nab Six Tied to CLOP Ransomware
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and University of Maryland.
DOJ to Treat Ransomware Hacks Like Terrorism Now: Here’s the Full Memo
The U.S. Department of Justice plans to take a much harsher tack when pursuing cybercriminals involved in ransomware attacks-and will investigate them using similar strategies to the ones currently employed against foreign and domestic terrorists.
SEC settles with First American over massive leak of mortgage data, disclosure
Updated: First American has agreed to a penalty of close to half a million dollars.
Divers / Suisse
As vaccine passports morph into digital IDs, privacy advocates want to know that user data is protected
Vaccine passports might be clearing the runway for greater adoption of digital IDs. Privacy experts say there are still many unanswered questions.
Google force installs Massachusetts MassNotify Android COVID app
Google is force-installing a Massachusetts COVID-19 tracking app on residents’ Android devices without an easy way to uninstall it.
Visa et Mastercard concluent de nouveaux accords pour déployer la biométrie
Visa et Mastercard ont conclu de nouveaux partenariats pour déployer la biométrie dans de nouvelles régions du monde.
Une panne Akamai empêche l’accès à des sites bancaires et des compagnies aériennes – Le Monde Informatique
Réseau : Une dizaine de jours après le fournisseur CDN Fastly, c’est au tour d’Akamai d’être confronté à une panne. De nombreux sites incluant American…
Zéro paywall. Zéro pub.
DCOD reste en accès libre grâce à vos contributions. Chaque café compte.
