L’hebdo cybersécurité | 26 mars 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

US authorities arrest alleged BreachForums owner and FBI hacker Pompompurin | Engadget

US law enforcement authorities this week arrested the person allegedly responsible for hacking the Federal Bureau of Investigation (FBI) in 2021..

OpenAI says a bug leaked sensitive ChatGPT user data | Engadget

OpenAI announced Friday that the chat history bug from earlier in the week might have also leaked user and payment data..

Ferrari says ransomware attack exposed customers’ personal data

Italian supercar manufacturer Ferrari said customers’ personal information was compromised in a ransomware attack.

New victims come forward after mass-ransomware attack

The list of victims mass-hacked thanks to a security flaw in Fortra’s GoAnywhere software is growing – but the known impact is murky at best.

Hacker demonstrates security flaws in GPT-4 just one day after launch

Ethical hacker and computer science student Alex Albert shares how he discovered security flaws in GPT-4 just one day after launch.

Russia’s Rostec allegedly can de-anonymize Telegram users

Russia’s Rostec has reportedly bought a platform that allows it to uncover the identities of anonymous Telegram users, likely to be used to tamp down on unfavorable news out of the country.

German parties accused of voter microtargeting on Facebook

Country’s super strong data rights under magnifying glass after half a dozen complaints filed

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

Hackers can hijack Samsung and Pixel phones by knowing phone number

Out of 18 zero-day vulnerabilities, four allowed hackers to remotely compromise smartphone devices using just the victim’s phone number.

LockBit ransomware gang now also claims City of Oakland breach

Another ransomware operation, the LockBit gang, now threatens to leak what it describes as files stolen from the City of Oakland’s systems.

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

City of Toronto confirms data theft, Clop claims responsibility

City of Toronto is among Clop ransomware gang’s latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city government include UK’s Virgin Red and the statutory corporation, Pension Protection Fund.

GitHub publie par erreur sa clé RSA SSH – Le Monde Informatique

Authentification et SSO : Le spécialiste du dépôt de code GitHub a annoncé dans un blog avoir changé sa clé RSA SSH, qui suite à une erreur a été exposée brièvement dans un…

At least 5 news stations receive letter bombs in Ecuador, one explodes: « Clear message to silence journalists »

One journalist received a USB stick which exploded when he inserted it into a computer, his employer said.

Des cybercriminels menacent de publier des données sensibles de la NZZ (update)

Plusieurs médias alémaniques ont été touchés par un ransomware. Portée contre la NZZ, l’attaque a affecté également le groupe CH Media. Sur le darknet, un groupe de cybercriminels revendique maintenant l’attaque et menace de publier les données volées.