L’hebdo cybersécurité (10 septembre 2023)

Voici le rapport de veille avec des liens directs vers les actus les plus intéressantes de la semaine passée. Certaines d’entre elles seront développées dans les prochains articles.

Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !

Les actus sélectionnées cette semaine

X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation

X Corp (formerly Twitter) has updated its privacy policy to collect biometric data from premium users to prevent fraud and impersonation.

https://techcrunch.com/2023/09/08/microsoft-hacker-china-government-storm-0558/

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

Beware of impostor apps in the Google Play Store. Fake Telegram apps have been stealing data from millions of Android users.

Musk refused Ukraine’s request to enable Starlink for drone attack [Updated]

New details on how Musk thwarted Ukraine’s submarine drone attack near Crimea.

US, UK take action against members of the Russian-linked Trickbot hacker syndicate

The DOJ also unsealed indictments against some of the alleged Trickbot members for alleged roles in ransomware and other cybercrime activity.

Russia’s ‘Fancy Bear’ APT Targets Ukrainian Energy Facility

The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.

iPhone Zero-Click, Zero-Day Flaw Exploited in the Wild to Install Malware

According to Citizen Lab, the exploit chain was capable of infecting iPhones running the most recent version of iOS (16.6) without the victim’s involvement.

China bans iPhone use for government work

The Chinese government has expanded a ban on the use of foreign phones, including the Apple iPhone, for government work or in government buildings.

LastPass security breach linked to $35 million stolen in crypto heists

Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

Le Conseil fédéral nomme Simon Müller chef du commandement Cyber

Simon Müller prendra la tête du commandement Cyber début 2024. Il est actuellement chef suppléant du projet de mise en place de cette nouvelle structure.

https://www.bitdefender.com/blog/hotforsecurity/pizza-hut-australia-leaks-one-million-customers-details-claims-shinyhunters-hacking-group/

If You’ve Got a New Car, It’s a Data Privacy Nightmare

Bad news: your car is a spy. Every major car brand failed a recent privacy and security test from Mozilla. You’re probably driving around in a « privacy nightmare » that may collect information as sensitive as your race, health status, and sexual activity.

Hackers Target High-Privileged Okta Accounts via Help Desk

Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.

No Title

No Description

Chipmaker NXP confirms data breach involving customers’ information | TechCrunch

The Dutch chipmaker said it alerted customers to a data breach impacting personal information related to their online NXP account.

How criminal networks in Sweden use false Spotify streams to launder money

This morning, one of Sweden’s largest newspapers, Svenska Dagbladet (SvD), published a thorough investigation into how criminal networks have used Spotify to launder money for years. Specifically, they have been paying for false streams of

https://www.theverge.com/2023/9/5/23859499/tiktok-first-eu-data-center-ireland-launch

Northern Ireland police chief quits in wake of data breach

Simon Byrne faced backlash over FoI blunder, plus claims officers were ‘punished’ to appease Sinn Féin

LockBit ransomware gang steals data related to security of UK military bases, due to unpatched Windows 7 PC

An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases.

World’s Largest Cryptocurrency Casino Stake Hacked for $41 Million

The world’s largest cryptocurrency casino and sportsbook platform Stake became a target of a financially motivated cyberattack, losing over $41M.