Here is the selection of major cyberattacks discovered over the past week.
Below you will find direct links to the most interesting articles. For the record, this watch is prepared with a real, non-artificial brain, so enjoy the read and thank you for supporting the Décodeur!
This week's selected news
Security Firm at Center of $30 Million Easter Heist Was Hacked Months Earlier
A private security firm that controls a huge amount of money was robbed over Easter weekend. Cops are stumped as to how it happened.
World’s second-largest lens-maker blinded by cyber-incident
Japan’s Hoya also makes components for chips, displays, and hard disks, and has spent four days groping for a fix
Jackson County in state of emergency after ransomware attack
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday.
Omni Hotels confirms cyberattack behind ongoing IT outage
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations.
US Health Dept warns hospitals of hackers targeting IT help desks
The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.
Cybercriminals want to cash in on alleged flight delays
If a flight is delayed, travelers may be entitled to compensation. But when TAP Air Portugal gets in touch by e-mail, cybercriminals with phishing intentions may be behind it. The Zurich cantonal police (Kapo Zürich) recommends ignoring the e-mail.
Kremlin hackers send a fake dinner invitation to German political circles
German political representatives were targeted by a campaign of booby-trapped e-mails launched by "Cozy Bear". This group of Kremlin hackers is
Missouri county declares state of emergency amid suspected ransomware attack
Outage occurs on same day as special election, but election offices remain open.
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
China-backed operatives used fake social profiles to gauge US political division, Microsoft says
Some of the fake accounts used AI-generated images, and have doubled or tripled their followers since being detected, the company told Nextgov/FCW.
This backdoor almost infected Linux everywhere: The XZ Utils close call
For the first time, an open-source maintainer put malware into a key Linux utility. We’re still not sure who or why – but here’s what you can do about it.
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
Visa warns of new JSOutProx malware variant targeting financial orgs
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
Hackers Can Use AI Hallucinations to Spread Malware
Generative artificial intelligence is good at sounding authoritative – even when it’s making stuff up. One community that thinks so-called AI hallucinations are
Thousands of Australian Businesses Targeted With RAT
Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware, Agent Tesla.
Chinese hackers turn to AI to meddle in elections
Beijing’s influence operations are experimenting with synthetically generated content to carry out influence operations, per Microsoft report.
ALPHV steps up laundering of Change Healthcare ransom payments
As the ransomware group moves to hide its $22 million, its affiliate notchy is laying low after reportedly being stiffed on payment.
Hosting firm’s VMware ESXi servers hit by new SEXi ransomware
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company’s VMware ESXi servers and backups.
Hackers Hijacked Notepad++ Plugin To Inject Malicious Code
Hackers have manipulated a popular Notepad++ plugin, injecting malicious code that compromises users’ systems upon execution.