L’hebdo cybersécurité | 30 avr 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉

Hackers are breaking into AT&T email accounts to steal cryptocurrency

A gang of cybercriminals broke into the accounts of several AT&T email users with the goal of stealing their cryptocurrency.

Hackers steal emails, private messages from hookup websites

Unknown hackers have breached two hookup websites, stealing private messages, email addresses, and other personal data.

Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data

The U.S. government is sounding the alarm over a 10/10 severity-rated security flaw that could compromise patients’ sensitive medical data.

Hackers Take Control of Government-Owned Satellite in Alarming Experiment

Researchers said they could access an imaging satellite’s control interface, letting them manipulate its systems and introduce malicious code.

AT&T email accounts reportedly broken into to steal crypto

Hackers have reportedly been breaking into AT&T-provided email addresses, using access to steal large quantities of cryptocurrency.

DOJ Detected SolarWinds Breach Months Before Public Disclosure

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

Chinese hackers use new Linux malware variants for espionage

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as ‘Sword2033.’

Ukrainian arrested for selling data of 300M people to Russians

The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and sensitive information of over 300 million people, citizens of Ukraine, and various European countries.

Major UK banks including Lloyds, Halifax, TSB hit by outages

Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland have experienced web and mobile app outages today leaving customers unable to access their account balances and information.

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

OpenAI is back in Italy! ChatGPT is now available after meeting data protection requirements.

Google Bans Thousands of Play Store Developer Accounts to Block Malware

Last year, Google banned 173,000 developer accounts and prevented 1.5 million apps from reaching the Play Store as it fought policy violations and malware.

Hackers behind 3CX breach also breached US critical infrastructure

The attackers have been linked to North Korea and appear to be involved in cyberespionage and financially motivated attacks.

Iranian hacking group targets Israel with improved phishing attacks

Research by CheckPoint presents a new and improved infection chain leading to the deployment of a new version of a Windows backdoor called PowerLess.

Cybercrime group FIN7 targets Veeam backup servers

At least two Veeam instances have been compromised, possibly using a vulnerability patched in March.

Microsoft launches bug bounty program for the new Bing

The company wants you to find and report vulnerabilities in the AI-powered Bing Chat, and it’s ready to pay you for them.

Hackers Leaked Minneapolis Students’ Psychological Reports, Allegations of Abuse

In a hacking episode that is spiraling from bad to worse, cybercriminals have leaked highly sensitive documents related to droves of Minneapolis students.

Fiasco de Mesvaccins.ch: le Conseil fédéral critique l’OFSP mais pas sur le point attendu

Selon la Commission de gestion du Conseil national, l’Office fédéral de la santé publique (OFSP) aurait dû se montrer plus rapide et plus critique dans sa surveillance de la fondation « mesvaccins ». En revanche, aucun blâme ne concerne la gestion des données.

Le Département de la défense et des banques testent le partage confidentiel de données de cybermenace

Le DDPS annonce avoir achevé un projet pilote de confidential computing avec la BNS, SIX et la Banque cantonale de Zurich. S’appuyant sur la technologie de Decentriq, les organisations ont pu mettre en commun et analyser leurs données de cybersécurité sans les dévoiler.