Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
Online avatar service Gravatar allows mass collection of user info
A user enumeration method discovered by an Italian security researcher Carlo Di Dato demonstrates how can Gravatar data be easily scraped by web crawlers and bots.
French Transport Giant Exposes 57,000 Employees and Source Code
API keys in data leak could have given access to GitHub account
Volvo announces some R&D files stolen during cyberattack
The company did not confirm whether it was a ransomware attack.
Cyberattaques / fraudes
Cyber-Attack on Hellmann Worldwide Logistics
German logistics firm unable to rule out data leakages or unauthorized use of data
Spar shops across northern England close after cyber attack
Franchisees’ closures also affect petrol stations
Le ransomware BlackCat prêt à faire un malheur – Le Monde Informatique
Intrusion, Hacking et Pare-feu : S’attaquant à ses victimes en volant et chiffrant leurs données puis en menaçant de les publier en cas de non versement de rançon, BlackCat se…
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.
Ransomware Jerks Helped Cause the Cream Cheese Shortage
One of the nation’s biggest cream cheese manufacturers had a production shortfall due to a ransomware attack in October.
Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes
Hackers claimed to have copied and deleted 50TB worth of data from internal systems.
Massive attack against 1.6 million WordPress sites underway
Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites.
Ransomware attack locks hotel guests out of rooms
Earlier this week, Nordic Choice Hotels announced an attack on its IT systems, which they believed to be a « computer virus ». However it has since been reve
BitMart : des pirates ont siphonné plus de 150 millions de dollars en cryptoactifs
La place de marché s’est fait subtiliser la clé privée de deux de ses portefeuilles. L’entreprise compte rembourser intégralement ses clients.
Des activistes kazakhs visés par le logiciel espion Pegasus
Une analyse technique d’Amnesty International et des alertes émises par Apple ont permis de déterminer que les téléphones de quatre opposants au régime kazakh ont été infectés par le logiciel espion.
FBI warns that Cuba ransomware group has compromised 49 entities in five critical infrastructure sectors
The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, inc
Microsoft seizes domains used to attack 29 global governments
Microsoft said a group based in China named « Nickel » was using domains to attack government groups and NGOs across Latin America, the Caribbean and Europe.
Failles / vulnérabilités
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a « Mini internet meltdown soonish. »
Ireland Conti ransomware attack vector was spam email
PWC report shows long list of missed opportunities to shut out extortion crims
New zero-day exploit for Log4j Java library is an enterprise nightmare
Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.
Justice / police / réglementation
Cyber Command boss acknowledges US military actions against ransomware groups
President Joe Biden is scheduled to hold a video call with Russian President Vladimir Putin on Tuesday to discuss cybersecurity and a range of other issues.
Canada Charges Its « Most Prolific Cybercriminal »
A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as « the most prolific cybercriminal we’ve identified in Canada, » but so far they’ve released few other details about the investigation or the defendant.
Suisse
Mitto AG, ce partenaire de Google et WhatsApp qui offre en secret des services de surveillance de mobiles
Mitto AG dispose de deux activités. L’une est officielle et concerne l’envoi de SMS en masse. L’autre est officieuse et permet d’espionner des personnes au moyen de leurs smartphones.
CVE – 2021 News & Events
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
Divers
Germany’s new government will firmly defend encryption, key Social Democrat says
The next German government intends to speak more strongly in favour of end-to-end encryption and against the introduction of backdoors, Jens Zimmermann, the digital policy expert for the Social Democrats (SPD) who co-negotiated the coalition agreement’s chapter on digitalisation, told EURACTIV in an interview.
