L’hebdo cybersécurité | 4 juin 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles.

Bonne lecture et merci pour le café car cette veille est produite avec un vrai cerveau non artificiel 😉

421M Spyware Apps Downloaded Through Google Play

A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.

US hospital forced to divert ambulances after cyberattack

The Idaho Falls Community Hospital fell victim to a cyberattack on Monday and had to divert ambulances to nearby hospitals and close some of its clinics.

Une cyberattaque hors norme frappe la Suisse, touchant l’armée et de nombreuses polices – Le Temps

Plusieurs polices cantonales, l’armée, mais aussi les douanes et l’Office fédéral de la police (Fedpol), sont concernés par le piratage de la société informatique alémanique Xplain. Cette attaque montre la vulnérabilité des prestataires IT

Ransomware attack on US dental insurance giant exposes data of 9 million patients

Millions of patients will be notified following a suspected ransomware attack on one of America’s largest dental insurers.

Toyota confirms another years-long data leak, this time exposing at least 260,000 car owners

The carmaker says it discovered more exposed data following an earlier investigation, including personal information of vehicle owners.

Legal tech firm Casepoint investigates breach after hackers claim theft of government data

Casepoint is investigating a cybersecurity incident after hackers claimed they compromised the legal tech platform to steal terabytes of data.

Millions of PC Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs-a feature ripe for abuse, researchers say.

Kaspersky Says New Zero-Day Malware Hit iPhones-Including Its Own

On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians.

Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised

The information includes names, test information and 600,000 Social Security numbers

Hacking forum hacked, user database leaked online

RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is – perhaps surprisingly – at the centre of another cybersecurity breach.

Discord Admins Hacked by Malicious Bookmarks

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. According to interviews with victims, several of the attacks began with an interview request from someone posing as a reporter for a crypto-focused news outlet online.

Amazon fined $31 million over privacy breaches, including snooping on kids

The case involves Amazon’s settlement with the FTC over security and privacy violations committed by its subsidiaries, Ring and Alexa.

SimpleTire Database Leak: Over 2.8 Million Records Exposed

Security researcher Jeremiah Fowler made a concerning discovery: a non-password-protected database belonging to SimpleTire.

Swiss real estate agency Neho fails to put a password on its systems

A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public.

WordPress force installs critical Jetpack patch on 5 million sites

WordPress.com owner Automat has started force installing a security patch on millions of websites today with the help of the WordPress Security Team to address a critical vulnerability in the Jetpack plug-in.

Burton Snowboards discloses data breach after February attack

Leading snowboard maker Burton Snowboards notified customers of a data breach after some of their sensitive information was « potentially » accessed or stolen during what the company described in February as a « cyber incident. »

NSA and FBI: Kimsuky hackers pose as journalists to steal intel

State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations.

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Critical zero-day flaw exploited for 7 months! Backdoor access, data exfiltration, and 3 potent malware strains discovered.

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

Sneakier & faster! New BlackCat ransomware variant Sphynx sharpening claws on evasion techniques & encryption

Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots

On-demand human solvers are now augmenting automated website cyberattacks, offering a better way around tougher anti-bot puzzles.