Voici le rapport de veille avec des liens directs vers les actus les plus intéressantes de la semaine passée. Certaines d’entre elles seront développées dans les prochains articles.
Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !
Les actus sélectionnées cette semaine
Une cyberattaque sur France Travail compromet 43 millions de comptes – Le Monde Informatique
Intrusion, Hacking et Pare-feu : Le successeur de Pôle Emploi, France Travail, vient d’annoncer avoir été victime d’une cyberattaque accompagnée d’un vol de données. Au total, les…
Russian Midnight Blizzard Hackers Breached Microsoft Source Code
Midnight Blizzard (aka Cozy Bear and APT29) originally breached Microsoft on January 12, 2024.
Lazarus APT returned to Tornado Cash to launder stolen funds
North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million.
How to verify a data breach | TechCrunch
Every data breach is different. Here are some of the tools and techniques TechCrunch uses to check if a data breach is real.
Hackers can read private AI-assistant chats even though they’re encrypted
All non-Google chat GPTs affected by side channel that leaks responses sent to users.
Member of LockBit ransomware group sentenced to 4 years in prison
33-year-old Canadian-Russian national pleaded guilty last month.
Google Chrome now better protects you against risky websites and weak passwords
Google’s Safe Browsing protection will warn you about malicious websites in real time, while the Password Checkup will alert you to weak and reused passwords.
Google paid $10 million in bug bounty rewards last year
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company’s products and services.
Acer confirms Philippines employee data leaked on hacking forum
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company’s employee attendance data after a threat actor leaked the data on a hacking forum.
Victims Lose $47m to Crypto Phishing Scams in February
Some 57,000 victims lost $47m in phishing scams targeting their cryptocurrency last month
Google to Restrict Election-Related Answers on AI Chatbot Gemini
The new restriction to Google’s AI chatbot was first implemented in India, which holds elections in April, before being rolled across other nations
NIST NVD Disruption Sees CVE Enrichment on Hold
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why
Googles Bug Bounty zahlt 2023 zehn Millionen Dollar aus
Google hat 2023 zehn Millionen US-Dollar als Belohnung für gemeldete Sicherheitslücken ausgeschüttet. Es ist der zweithöchste Wert seit Auflage des « VRP ».
Google Safe-Browsing: Echtzeitschutz durch serverseitigen URL-Check
Google will den Safe-Browsing-Schutz durch Abfragen der URLs bei Google-Servern auf Echtzeit beschleunigen. Die Privatsphäre bleibe gewahrt.
Microsoft is Opening AI-Powered « Copilot for Security » to Public
Microsoft’s Copilot for Security, will be available to the public from April 1, 2024, marking an advancement in the fight against cybercrime.
AI-Powered Scams, Human Trafficking Fuel Global Cybercrime Surge: INTERPOL
INTERPOL’s assessment of global cybercrime has rung the alarm on the threat posed by growing criminal operations leveraging technology.
Sophisticated Vishing Campaigns Take World by Storm
One South Korean victim gave up $3 million to cybercriminals, thanks to convincing law-enforcement impersonation scams that combine both psychology and technology.
Nissan Oceania Breached; 100K People Affected Down Under
A possible ransomware attack has exposed government and personal data of Australians and New Zealanders, encompassing the carmaker’s customers, dealers, and employees.
FCC approves cybersecurity label for consumer devices
The U.S. Cyber Trust Mark aims to provide consumers with a better understanding of the security of their Internet of Things devices.
McDonald’s: Global outage was caused by « configuration change »
McDonald’s has blamed a third-party service provider’s configuration change, not a cyberattack, for the global outage that forced many of its fast-food restaurants to close.
