L’hebdo cybersécurité | 23 avr 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Criminals Are Using Tiny Devices to Hack and Steal Cars

Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

https://www.europol.europa.eu/media-press/newsroom/news/further-action-against-fraudulent-online-investment-platform-five-arrests-of-high-value-targets

ChatGPT-Related Malicious URLs on the Rise

Newly registered and squatting domains related to ChatGPT grew by 910% between November and April

WhatsApp, Signal Claim Online Safety Bill Threatens User Privacy and Safety

The UK Government OSB undermines end-to-end encrypted communications and must be reconsidered according to an open letter signed by Signal and WhatsApp

Police Escape $1.2m Fine For Secretly Recording Phone Calls

Surrey and Sussex police reprimanded after recording 200,000 calls

US charges three men with six million dollar business email compromise plot

Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims.

https://www.bitdefender.com/blog/hotforsecurity/us-facebook-users-can-now-claim-their-share-of-725-million-cambridge-analytica-settlement/

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

LockBit Ransomware Expands Attack Spectrum to Mac Devices

LockBit ransomware gang is reportedly developing a new version of malware that can encrypt files on Apple macOS

BlackCat Group Claims Responsibility for NCR Ransomware Attack

Leading US software and payment platform provider NCR has confirmed that it has fallen victim to a ransomware attack.

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware.

Multinational ICICI Bank leaks passports and credit card numbers

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients.

Pro-Russia hackers DDoSed the EUROCONTROL agency

Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL.

American Bar Association (ABA) suffered a data breach

The American Bar Association (ABA) disclosed a data breach, threat actors gained access to older credentials for 1,466,000 members.

LockBit Ransomware Now Targeting Apple macOS Devices

A new LockBit ransomware operation has surfaced and this time, it’s targeting macOS devices.

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

Iranian MuddyWater hacker group has been found using the legitimate SimpleHelp remote support software to maintain persistence on victim devices.

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

U.K. and U.S. cybersecurity agencies have warned of Russian nation-state actors exploiting flaws affecting Cisco networking equipment.

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

The Lazarus Group strikes again, this time targeting Linux users in Operation Dream Job.

NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits

An investigation concludes that NSO Group was hired in 2022 to deploy Pegasus spyware against human rights workers in Mexico and other targets.

Trigona Ransomware Trolling for ‘Poorly Managed’ MS-SQL Servers

Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.