Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
200 Million Twitter Users’ Data Is for Sale on the Dark Web for $2
An ongoing data disaster at Twitter just got a whole lot worse.
Slack’s private GitHub code repositories stolen over holidays
Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories.
Does Volvo Cars suffer a new data breach?
A post published on a popular hacking forum claims Volvo Cars has suffered a new data breach, alleging stolen data available for sale.
Hive Ransomware leaked 550 GB stolen from Consulate Health Care
The Hive ransomware gang just leaked 550 GB of data stolen from the Consulate Health Care, including customer and employee PII data.
Air France and KLM notify customers of account hacks
Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached.
14 UK schools suffer cyberattack, highly confidential documents leaked
Documents reportedly including passport scans, staff pay scales, and contract details stolen by cybercrime group Vice Society, which has targeted education in multiple countries.
Ransomware gang cloned victim’s website to leak stolen data
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim’s site to publish stolen data on it.
Cyberattaques / fraudes
Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware
Cybercriminals Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware
Après le piratage de » Charlie Hebdo « , un hackeur au profil flou et une étrange campagne sur les réseaux sociaux
Un internaute a diffusé en ligne ce qu’il affirme être des documents confidentiels volés à l’hebdomadaire satirique. Un piratage qui s’accompagne de messages de dénigrement en ligne à l’encontre de » Charlie Hebdo « .
Lockbit apologized for the attack on SickKids pediatric hospital and releases a free decryptor
LockBit ransomware group apologized for the attack on the Hospital for Sick Children (SickKids) and gave to the victim a decryptor for free.
No Title
No Description
Canadian mining firm shuts down mill after ransomware attack
The Copper Mountain Mining Corporation (CMMC), a Canadian copper mining company in British Columbia, has announced it has become the target of a ransomware attack that impacted its operations.
Lockbit ransomware gang claims to have hacked the Port of Lisbon
The website for the Port of Lisbon is still down days after it was the target of a ransomware attack claimed by Lockbit group.
No Title
No Description
Un logiciel espion israélien vise les caméras de sécurité
Le quotidien israélien Hareetz a consacré, le 26 décembre 2022, un article à la société Toka, spécialisée dans la prise de contrôle de caméras de sécurité. L’entreprise israélienne, fondée en 2018, est dirigée par un ancien chef de la cybersécurité nationale et un ancien premier ministre, Ehud Barak.
Ransomware decryption tool: Victims of MegaCortex can now unlock their files for free
Joint venture by cybersecurity researchers and law enforcement agencies provides a free decryption tool for ransomware that has hit victims around the world.
Saint Gheorghe Recovery Hospital in Romania hit with ransomware
The Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack in December that is still impacting medical activity.
French-speaking cybercriminals continue attacks on African banks
Researchers reveal new details about a highly successful cybercrime group thought to have stolen millions of dollars in recent years.
Failles / vulnérabilités
Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware
Hackers are using ChatGPT to develop powerful hacking tools and create new chatbots designed to mimic young girls to lure targets.
Hackers abuse Windows error reporting tool to deploy malware
Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system’s memory using a DLL sideloading technique.
Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
South African threat actors known as ‘Automated Libra’ has been improving its techniques to make a profit by using cloud platform resources for cryptocurrency mining.
Cryptominage: des pirates abusent des comptes gratuits de développement cloud – Le Monde Informatique
Intrusion, Hacking et Pare-feu : Plus de 130 000 comptes ont été créés auprès de fournisseurs de solutions de développement cloud incluant GitHub, Heroku et Togglebox par le…
Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers
A security researcher has received a $107,500 bounty for discovering vulnerabilities in Google Home smart speakers.
Log4Shell restera une menace importante en 2023 – Le Monde Informatique
Sécurité : Il est probable que la vulnérabilité Log4Shell continuera à être exploitée, car les entreprises manquent de visibilité sur leur chaîne…
Justice / police / réglementation
European regulators fine Meta over $400 million for targeted ad program
The tech giant says it plans to appeal the decision, potentially resulting in a drawn-out legal battle over its practices in Europe.
Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking
Google has agreed to pay $29.5 million to settle lawsuits brought by Indiana and Washington, D.C. over its « deceptive » location tracking practices.
Suisse
Divers
La police criminelle investit le Métavers
En octobre 2022, l’Agence européenne de police criminelle (Europol) et l’Organisation internationale de police criminelle (Interpol) ont chacune publié leur propre rapport sur le Métavers. La raison ? Elles souhaitent investir ce monde virtuel pour l’expérimenter afin de mieux comprendre les manières dont il peut être régulé et utilisé par la police.
Ukraine shuts down fraudulent call center claiming 18,000 victims
A group of imposters operating out of a Ukrainian call center defrauded thousands of victims while pretending to be IT security employees at their banks and leading them to believe that attackers had gained access to their bank accounts.
Zéro paywall. Zéro pub.
DCOD reste en accès libre grâce à vos contributions. Chaque café compte.
1 commentaire
Commentaires désactivés.