Les dernières cyberattaques détectées | 30 mai 2023

Voici la sélection des cyberattaques majeures découvertes durant ce dernier tour de veille hebdomadaire.

Bonne lecture et merci pour le café car cette veille est produite avec un vrai cerveau non artificiel 😉

Internal Report Suggests Security Lapses at Hacked Crypto Exchange Bitfinex

A security review describes how attackers exploited mistakes to steal millions of dollars worth of bitcoin.

CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF) | CISA

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020.

Backup Repositories Targeted in 93% of Ransomware Attacks

Organizations now acknowledge that having clean and recoverable backups is a critical element of a good business continuity plan

Lazarus Group Targeting Microsoft Web Servers to Launch Espionage Malware

Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement

https://www.bitdefender.com/blog/hotforsecurity/suzuki-motorcycle-plant-shut-down-by-cyber-attack/

German arms manufacturer Rheinmetall suffered Black Basta ransomware attack

The German automotive and arms manufacturer announced it was victim of a Black Basta ransomware attack that took place last month.

Chinese hackers breach US critical infrastructure in stealthy attacks

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, an island hosting multiple military bases, since at least mid-2021.

Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.

New Russian-linked CosmicEnergy malware targets industrial systems

Mandiant security researchers have discovered a new OT known as CosmicEnergy that targets operational technology (OT), raising concerns about potential disruptions to electric power systems worldwide.

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

North Korean Lazarus Group remains relentless in targeting vulnerable Microsoft IIS servers, utilizing DLL side-loading techniques to deploy malware.

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks

Portuguese bank users beware! Brazilian hackers are on the prowl, targeting over 30 financial institutions.

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

Le clonage de voix, une menace de plus pour les entreprises – Le Monde Informatique

Sécurité : Surfant sur la vague de l’IA générative, le clonage de voix offre un nouveau vecteur d’attaques qui intéresse de plus en plus les cybercriminels.

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

Administrators of the PyPI software repository have disabled new user sign-ups and package uploads until further notice.

Microsoft reports jump in business email compromise activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report.