Le tour des actus cybersécurité

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Vol / perte de données

Medibank Admits That All Customer Data Was Exposed
As reported by Medibank, an Australian health insurance giant, every one of its customers had their personal information accessed by ransomware actors-which h

https://www.ictjournal.ch/news/2022-10-24/fuite-de-donnees-chez-microsoft-65000-clients-seraient-concernes

Australian Clinical Labs says patient data stolen in ransomware attack
Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people.

Hackers stole sensitive data from Iran’s atomic energy agency – Security Affairs
Iran’s atomic energy agency claims that alleged state-sponsored hackers have compromised its email system.

167,000 stolen credit card numbers Exposed via PoS Malware
Researchers have shared details of how two PoS malware were used to steal over 167,000 payment records from over 200 hacked devices.

Cette entreprise paie la rançon, mais les pirates divulguent quand même ses données
Il est toujours recommandé aux victimes de ransomware de ne pas céder aux demandes de rançon, et ce cas réel le prouve.

Cyberattaques / fraudes

A massive cyberattack hit Slovak and Polish Parliaments
The Slovak and Polish parliaments were hit by a massive cyber attack, the voting system in Slovakia’s legislature was brought down.

Largest EU copper producer Aurubis suffers cyberattack, IT outage
German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack’s spread.

Twilio discloses another security incident that took place in June
Twilio suffered another brief security incident in June 2022, the attack was conducted by the same threat actor of the August hack

Iran’s nuclear energy agency confirms email server hacked
Iranian hacking group Black Reward has claimed responsibility for a breach at the email server of the country’s Bushehr nuclear power plant, in support of nationwide protests over the death of a young woman in police custody.

Norway PM warns of Russia cyber threat to oil and gas industry
Norway ‘s prime minister warned last week that Russia poses « a real and serious threat » to the country’s oil and gas industry.

Wholesale giant METRO confirmed to have suffered a cyberattack
International cash and carry giant METRO suffered this week IT infrastructure outages following a cyberattack.

Royaume-Uni: Une Suissesse grugée de près de 700’000 francs en ligne
Deux escrocs ont été condamnés à Londres. La principale victime est une sexagénaire tombée amoureuse d’un faux médecin.

Failles / vulnérabilités

OpenSSL warns of critical security vulnerability with upcoming patch
We don’t have the details yet, but we can safely say that come Nov. 1, everyone — and I mean everyone — will need to patch OpenSSL 3.x.

FBI warning: This ransomware group is targeting poorly protected VPN servers
Attackers are using VPN servers to gain access, and then SSH and RDP to spread through networks.

Zimbra dans la tourmente après la découverte d’autres vulnérabilités – Le Monde Informatique
Intrusion, Hacking et Pare-feu : Des failles de niveau élevé et critique ont été relevées dans Zimbra Collaboration Suite. Les entreprises qui ne disposent pas de correctifs sont…

Justice / police / réglementation

British Hacker Charged for Operating « The Real Deal » Dark Web Marketplace
U.S. government has charged a 34-year-old British hacker with running a dark web marketplace called The Real Deal that sold hacking tools and stolen c

Student arrested for running one of Germany’s largest dark web markets
The Federal Criminal Police Office (BKA) in Germany have arrested a 22-year-old student in Bavaria, who is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW) 3, one of the largest darknet markets in the country.

Dutch police arrest hacker who breached healthcare software vendor
The Dutch police have arrested a 19-year-old man in western Netherlands, suspected of breaching the systems of a healthcare software vendor in the country, and stealing tens of thousands of documents.

Ukrainian charged for operating Raccoon Stealer malware service
26-year-old Ukrainian national Mark Sokolovsky has been charged for his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.

Fines for massive data breaches to increase to at least $50 million after Optus and Medibank hacks
The financial penalty imposed on companies that suffer serious or repeated privacy breaches will be increased to at least $50 million.

Clearview AI image-scraping face recognition service hit with €20m fine in France
« We told you to stop but you ignored us, » said the French regulator, « so now we’re coming after you again. »

https://www.bitdefender.com/blog/hotforsecurity/ex-cop-abused-police-tool-in-snapshot-sextortion-plot-that-stole-sexually-explicit-photos-and-videos/

Suisse

Cyberattaque à Zurich: L’app des transports publics plante le jour où les billets sont gratuits
Une offre promotionnelle a été partiellement empêchée samedi à cause de pirates informatiques. Seuls les plus prévoyants ont pu en profiter.

Neuchâtel: Situation sous contrôle après la cyberattaque du réseau pédagogique
Après l’attaque contrée du système de messagerie du réseau pédagogique neuchâtelois, tous les mots de passe des utilisateurs ont été réinitialisés, par précaution.

Rencontrez les startups sélectionnées pour la saison 4 du Tech4Trust – Trust Valley
Découvrez les 26 startups sélectionnées pour la 4ème édition du programme d’accélération Tech4Trust.

Divers

Apple Launches New Security Research Hub
Apple engineers share technical details about the team’s work on memory safety features on the new Apple Security Research site.

Japan officials link digital ID cards to healthcare
Risk of death is certainly one way to get the populace on board

New York Post hacked? No, the culprit is an employee
Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians.

Des serveurs, des API et du temps.
DCOD est bénévole, mais l'hébergement a un coût. Participez aux frais techniques.

Proton Pass

Gérez vos mots de passe et identités en toute simplicité. Chiffrement de bout en bout pour une sécurité maximale de vos accès.

Voir l'offre

🛒 Lien affilié DCOD

☕ Je soutiens DCOD

L'essentiel Cybersécurité, IA & Tech

Rejoignez la communauté. 3 fois par semaine, recevez l'analyse des tendances par Marc Barbezat. Pas de spam, juste de l'info.

Ou suivez le flux temps réel

Navigation

Les derniers articles

Suivez en direct

Vol / perte de données

Cyberattaques / fraudes

Failles / vulnérabilités

Justice / police / réglementation

Suisse

Divers

Proton Pass

L'essentiel Cybersécurité, IA & Tech

Etiquettes

A lire également

1 commentaire

Des idées de lecture recommandées par DCOD