Here is this week's watch report, rounding up the most interesting news. Some of these items will be covered in more depth in upcoming articles. Enjoy the read, and thanks for the coffee 😉
Data theft / loss
Starbucks Singapore says customer data illegally accessed in data leak
F&B chain notifies members of its Rewards loyalty programme that customer details, including birthdates, residential addresses, and mobile numbers, have been illegally accessed and it is working with local authorities on the security incident.
New York ambulance service discloses data breach after ransomware attack
Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information.
Cyberattacks / fraud
Uber Investigating Massive Security Breach by Alleged Teen Hacker
The hacker claimed to gain access to Uber’s AWS, Google Cloud, and even financial data.
Hacker Trio Tied to Iran Attacked U.S. Hundreds of Times, Feds Say
Three Iranian men allegedly carried out attacks on everything from electrical utilities to a domestic violence shelter to a county government.
China Accuses the NSA of Hacking a Top University to Steal Data
The Chinese government claims the infiltration of a top college is the latest in an ongoing barrage of cyberattacks conducted by America’s hackers.
Montenegro
A massive cyberattack hit Montenegro; officials believe that it was launched by pro-Russian hackers and the security services of Moscow.
Albania was hit by a new cyberattack and blames Iran
Albania blamed the Iranian government for a new cyberattack that hit computer systems used by the state police on Friday.
FBI: Hackers steal millions from healthcare payment processors
The Federal Bureau of Investigation (FBI) has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker.
Akamai mitigated a new record-breaking DDoS attack
Akamai announced that it recently blocked a new record-breaking distributed denial-of-service (DDoS) attack.
LastPass revealed that intruders had internal access for four days
The password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack.
Flaws / vulnerabilities
Teslas Hackers Have Found Another Unauthorized Access Vulnerability
It borrows tricks from typical radio-frequency relay attacks, but the implementation is exclusive to the most modern cars.
Vulnerabilities Found in Airplane WiFi Devices
Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity on airplanes. Thomas Knudsen and Sam
Justice / police / regulation
WSJ News Exclusive | U.S. Recovers Over $30 Million in Cryptocurrency Stolen by North Korean Hackers
Sum is only a fraction of hundreds of millions siphoned in breach of ‘Axie Infinity’ online videogame this year
Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police
Aubrey Cottle, known for his ties to the hacktivist collective Anonymous, took responsibility for multiple hacks on his TikTok channel.
Ransomware attacks by three Iranian nationals in the United States | UnderNews
The U.S. Department of Justice announced the indictment of three Iranian nationals for ransomware attacks (attacks relying on BitLocker) against American citizens.
Switzerland
The City of St. Gallen wants to ban automatic facial recognition in public places
The municipal council of the City of St. Gallen wants to ban automated facial recognition in public spaces; it would be the first city in Switzerland to do so. The decision follows a motion from the left and the Greens.
Miscellaneous
Google, Microsoft can get your passwords via web browser’s spellcheck
Enhanced Spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.