La veille cyber-sécurité (sem. 5 juin 2022)

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Vol / perte de données

https://cybernews.com/security/5-million-adecco-com-users-data-leaked/

Australian National Disability Insurance Scheme provider breached and treating its database as compromised
CTARS breached in mid-May and some of the most sensitive data imaginable is now up on the dark web.

Turkish airline suffers 6.5TB data leak
A budget Turkish airline has misconfigured an AWS bucket, resulting in the exposure of flight and source code data, alongside the personal information of crew m

Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data
Anonymous has struck Russia again by leaking 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law).

Pourquoi un patron a relayé sur Internet la liste de 570 employés licenciés
Selon Sebastian Siemiatkowski, le patron de Klarna, le document mis en ligne a pour but d’aider les licenciés à attirer les recruteurs

3,2 millions de données de canadiens en vente dans un blackmarket
Gestion des cookies We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking « Accept », you consent to the use of ALL the cookies.

Cyberattaques / fraudes

Conti chats confirm that the gang ability to conduct firmware-based attacks
The analysis of the internal chat of the Conti ransomware group revealed the gang was working on firmware attack techniques.

Le Costa Rica déclare l’état d’urgence contre les ransomwares – Le Monde Informatique
Sécurité : Le Costa Rica n’a pas réussi à mettre en oeuvre la stratégie de cybersécurité qu’il avait définie il y a cinq ans. Aujourd’hui, cette défaillance…

Cybercriminalité: Le chef de l’ONU victime d’une cyberattaque
António Guterres a été victime d’une cyberattaque, d’après une lettre du secrétariat de l’Organisation. Les 193 pays membres ont été prévenus cette semaine.

Iranian hackers planned attack on Boston Children’s Hospital last summer, FBI director says
The FBI is keeping an eye on threats from Iran and China even as Russia takes priority.

Twice as Many Healthcare Organizations Now Pay Ransom
Extorters focus their efforts on a perceived soft target

Italy warns organizations to brace for incoming DDoS attacks
The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday.

Conti ransomware targeted Intel firmware for stealthy attacks
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks.

Failles / vulnérabilités

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports.

International Authorities Take Down Flubot Malware Network
The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

Atlassian announces 0-day hole in Confluence Server – update now!
Zero-day announced – here’s what you need to know

Justice / police / réglementation

Takedown of SMS-based FluBot spyware infecting Android phones | Europol
This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3). The investigation is ongoing to identify the individuals behind this global malware campaign.

FBI seizes domains tied to stolen records, DDoS services
U.S. authorities took down a related site in 2020.

Données personnelles : Twitter écope d’une pénalité de 150 millions de dollars
La FTC a infligé une amende de 150 millions de dollars à Twitter pour l’exploitation de données personnelles à des fins publicitaires.

Three Nigerian men arrested in INTERPOL Operation Killer Bee
Interpol arrested 3 Nigerian men in Lagos, who are suspected of using the Agent Tesla RAT to reroute financial transactions and steal data.

Suisse

Novartis says no sensitive data was compromised in cyberattack
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang.

Divers

Alliance cyber entre USA, Japon, Inde et Australie – InCyber
Durant son premier voyage officiel en Asie, le président américain Joe Biden a rencontré, à Tokyo, le premier ministre australien nouvellement élu Anthony Albanese, le premier ministre indien Narendra Modi et le premier ministre japonais Fumio Kishida. Dans une déclaration commune, les quatre dirigeants ont annoncé la création d’un partenariat de cybersécurité.

Singapore ups investment in quantum computing to stay ahead of security threats
Two new programmes will look to bolster skillsets in quantum computing and develop quantum devices, as Singapore stresses the need to « stay ahead of malicious actors » and ensure encryption technology remains robust.

Internet Crime Complaint Center (IC3) | The FBI Warns of Scammers Soliciting Donations Related to the Crisis in Ukraine
The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine. Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations.

OVHcloud : 140 clients demandent à être indemnisés après l’incendie du centre de données
80 lettres individuelles de mise en demeure avait déjà été expédiées par des clients d’OVHcloud, suite à l’incendie de data centers en 2021.

Biometric mobile payments set to exceed $1 trillion
Remote mobile payments authenticated by biometrics are predicted to reach $1.2 trillion by 2027, according to a new study. In its paper Mobile Payment Biome

Chinese state media propaganda found in 88% of Google, Bing news searches
Brookings researchers conducted their study over 120 days.

Cette veille vous est utile ?
Offrez un café pour soutenir le serveur (et le rédacteur).

Proton Pass

Gérez vos mots de passe et identités en toute simplicité. Chiffrement de bout en bout pour une sécurité maximale de vos accès.

Voir l'offre

🛒 Lien affilié DCOD

☕ Je soutiens DCOD

L'essentiel Cybersécurité, IA & Tech

Rejoignez la communauté. 3 fois par semaine, recevez l'analyse des tendances par Marc Barbezat. Pas de spam, juste de l'info.

Ou suivez le flux temps réel

Navigation

Les derniers articles

Suivez en direct