L’hebdo cybersécurité | 25 juin 2023

Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles.

Bonne lecture et merci pour le café car cette veille est produite avec un vrai cerveau non artificiel 😉

Someone sent mysterious smartwatches to US Military personnel

U.S. Army’s Criminal Investigation Division warns that US military personnel have reported receiving unsolicited smartwatches in the mail.

LastPass users furious after being locked out due to MFA resets

LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps.

Hackers threaten to leak 80GB of confidential data stolen from Reddit

Hackers are threatening to release confidential data stolen from Reddit unless the company withdraws its controversial API price hikes

Hacker responsible for 2020 Twitter breach sentenced to prison

The hacker, known as PlugWalkJoe, was part of a group that broke into high-profile Twitter accounts in 2020 to spread cryptocurrency scams.

DOJ establishes cybercrime enforcement unit as U.S. warnings mount over Chinese hacking

Assistant Attorney General for National Security Matt Olsen said the center will speed up disruption campaigns and prosecutions.

BlackCat gang threatens to leak plastic surgery photos

Sharing a cancer patient’s nude snaps earlier wasn’t enough for these scumbags

Data Breach at New BreachForums: 4,000 members’ data leaked

BreachForums is a recently resurfaced alternative to the popular but now defunct Breach Forums, which was seized by RaidForums.

Military Satellite Access Sold on Russian Hacker Forum for $15,000

A hacker active on a Russian hacker forum has posted an ad offering access for sale to a military satellite operated by Maxar Technologies.

Chinese Espionage Malware Targets European Healthcare via USB Drives

The malware campaign has been attributed to the Chinese APT group Mustang Panda, also known as Camaro Dragon.

3CX data exposed, third-party to blame

A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed sensitive 3CX data.

More than a million GitHub repositories potentially vulnerable to RepoJacking

Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking.

Reddit hackers threaten to leak data stolen in February breach

The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.

American Airlines, Southwest Airlines disclose data breaches affecting pilots

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals.

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces

Over 100,000 OpenAI ChatGPT account credentials have been compromised and sold on the dark web. Cybercriminals are targeting the valuable information.

Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor

Flea, a Chinese state-sponsored actor, strikes foreign affairs ministries and more with the powerful Graphican backdoor.

Schneider Power Meter Vulnerability Opens Door to Power Outages

A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.

CISA, FBI Offer $10M for Cl0p Ransomware Gang Information

The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.

LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems

Under construction: The world’s leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.

Reddit hackers demand $4.5 million ransom and API pricing changes

Ransomware group BlackCat is claiming responsibility for a Reddit hack earlier this year. They demanded money and changes to Reddit’s controversial API policy in exchange for not leaking the stolen data.