Le tour des actus cybersécurité | 25 sept 2022

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Vol / perte de données

Data of millions of users exposed in Australia’s 2nd-largest telecom firm breach

Optus has over 10.2 million mobile customers in Australia and is supported by a network that covers 98.5 percent of the total population.

Hacker steals Grand Theft Auto 6 source code, videos

So is that three or four stars?

Details of Over 300,000 Russian Reservists Leaked, Anonymous Claims

The group claims the individuals are likely to be mobilized by the Russian government to fight in Ukraine

Significant cyberattack hits Australian telco Optus

Subscribers have questions – like ‘When were you going to tell us?’

Whistleblower: DoD Purchased Access to Americans’ Internet Browsing

Sen. Ron Wyden urged inspectors general at three departments to investigate the military’s purchases of large swaths of data.

Cyberattaques / fraudes

Hackers stole $160 Million from Crypto market maker Wintermute

Threat actors have stolen around $160 million worth of digital assets worth from crypto trading firm Wintermute.

Anonymous claims hacked website of Russian Ministry of Defense

The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people.

Uber links cyberattack to LAPSUS$, says sensitive user data remains protected

Attacker likely bought employee account credentials on the dark web and then escalated privileges to access internal tools.

Revolut confirme un hack de données personnelles – Le Monde Informatique

Intrusion, Hacking et Pare-feu : La banque en ligne anglaise Revolut a confirmé un accès malveillant à son système d’information ayant permis à des pirates d’accéder à des données…

BlackCat ransomware’s data exfiltration tool gets an upgrade

The BlackCat ransomware (aka ALPHV) isn’t showing any signs of slowing down, and the latest example of its evolution is a new version of the gang’s data exfiltration tool used for double-extortion attacks.

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

LAPSUS$ is just one cybercriminal group that has breached networks of large companies such as Uber and Microsoft by spamming employees with MFA authentication requests.

Iranian Hackers Hid in Albanian Networks for Over a Year

CISA report reveals extent of state-backed campaign

Failles / vulnérabilités

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

Sophos warns of new firewall RCE bug exploited in attacks

Sophos warned today that a critical code injection security vulnerability in the company’s Firewall product is being exploited in the wild.

Une faille de 15 ans dans Python fragilise des projets open source – Le Monde Informatique

Intrusion, Hacking et Pare-feu : Atténuée mais non corrigée, une vulnérabilité dans le langage Python vieille de 15 ans refait surface en affectant potentiellement plus de 350 000…

Justice / police / réglementation

UK Police arrests teen believed to be behind Uber, Rockstar hacks

The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks.

Suisse

Ransomware: la police zurichoise trouve des clés de déchiffrement

En octobre 2021, des opérations de police ont été menées en Ukraine et en Suisse contre douze cybercriminels présumés. Dans le cadre de la procédure pénale qui s’en est suivie, la police cantonale zurichoise a découvert des clés permettant de déchiffrer les données cryptées par des ransomware.

Article

Dreamlab Technologies is pleased to have become a cyber-safe.ch label partner. The label aims to break down the barriers preventing entry into the world of IT security for SMEs and other small organisations, by offering a strong incentive and providing them with the necessary tools for responsible cyber security management.

Divers

Ransomware operators might be dropping file encryption in favor of corrupting files

Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.

LastPass source code breach – incident response report released

Wondering how you’d handle a data breach report if the worst happened to you? Here’s a useful example.