Voici le rapport de veille avec des liens directs vers les actus les plus intéressantes de la semaine passée. Certaines d’entre elles seront développées dans les prochains articles.
Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !
Les actus sélectionnées cette semaine
Expert found a backdoor in XZ tools used many Linux distributions
Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions.
AT&T confirms data for 73 million customers leaked on hacker forum
AT&T has finally confirmed it is impacted by a data breach affecting 73 million customers after initially denying data leaked on a hacking forum originated from them.
UK blames China for massive breach of voter data | TechCrunch
It’s the first time the United Kingdom has attributed the massive breach of millions of citizens’ voter data since the cyberattack was first disclosed in 2023.
UN Peace Operations Under Fire from State-Sponsored Hackers
The international body isn’t doing enough to protect details on dissidents and activists gathered by peacekeeping operations, particularly across Central Africa.
Serious security breach hits EU police agency
Disappearance of sensitive files of top law enforcement officials has sparked a crisis at Europol.
Ransomware : les États-Unis offrent dix millions de dollars pour débusquer les pirates de BlackCat
Les États-Unis déclarent la guerre aux cybercriminels de BlackCat. Après la cyberattaque d’envergure visant le système de santé américain, Washington a décidé de sévir contre les pirates russes.
« MFA Fatigue » attack targets iPhone owners with endless password reset prompts
Rapid-fire prompts sometimes followed with spoofed calls from « Apple support. »
Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs
Telegram’s new Peer-to-Peer Login (P2PL) feature offers free premium membership but in exchange for using your phone number as a relay to send OTPs.
Hackers poison source code from largest Discord bot platform
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information.
NIST Unveils New Consortium to Operate the NVD
After weeks of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in the future
Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats
In an overview of cybersecurity threats, Google TAG has disclosed 97 zero-day vulnerabilities exploited in the wild last year.
European Commission to Investigate Meta Subscription Model
The European Commission will scrutinize Meta’s pivot to a subscription model in response to a string of rulings from data protection boards limiting the social
Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit
Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age.
Airlines report GPS signal jamming: Russia gets the blame
GPS interference is hitting aircraft navigation systems in the Baltics as well as in other conflict regions.
US and UK accuse China of cyber operations targeting domestic politics
Officials in Washington and London say hackers backed by the Chinese state sought to silence dissidents and surveil politicians.
Spyware and zero-day exploits increasingly go hand-in-hand, researchers find
Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms.
La principale banque d’Ethiopie demande à 5000 clients de la rembourser suite à un bug
La principale banque d’Ethiopie a lancé mercredi un « dernier avertissement » à plus de 5000 de ses clients, dont elle publie les noms, qu’elle accuse d’avoir profité d’un récent problème informatique pour frauduleusement retirer ou virer de l’argent.
Telegram’s Peer-to-Peer Login system is a risky way to save $5 a month
Telegram’s new program borrows your phone number to send other users login codes in exchange for a free premium subscription. Sounds like a bad idea.