Press Review “IT Security” for June 2021

By Connaissancenetwork @Cnetwork2_0

This general-interest monthly press review aims to raise public awareness of IT security issues.

Week of 1 June 2021

UK Special Forces soldiers' personal data was floating around WhatsApp in a leaked Army spreadsheet

Exclusive An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet. The document, seen by The Register, contained details of all 1,182 British soldiers recently promoted from corporal to sergeant - including those in sensitive units such as the Special Air Service, Special Boat Service and the Special Reconnaissance Regiment.

Read this article on theregister.com

Tokyo Olympics organizers' data swept up in Fujitsu hack: report - CyberScoop

The organizing committee of the Tokyo Olympics is the latest victim of a breach in which hackers broke into a Japanese government contractor's data-sharing tool, according to a Japanese media report. The breach affected some 170 people who participated in a cybersecurity drill ahead of the Olympic Games next month, Kyodo News reported.

Read this article on cyberscoop.com

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data

TikTok updated its privacy policy quietly to collect biometric data from users.

Read this on thehackernews.com

Fujifilm shuts down computer systems following apparent ransomware intrusion - CyberScoop

Fujifilm Corp. has shut down part of its computer network and "disconnected from external correspondence" in the face of a possible ransomware attack, the Japanese electronics giant said Wednesday. In a brief statement, Fujifilm said that it became aware of the security issue late Tuesday and that it has "taken measures to suspend all affected systems in coordination with our various global entities."

Read this article on cyberscoop.com

Fujifilm hit by a cyberattack - Le Monde Informatique

This week, the Japanese conglomerate Fujifilm reported an intrusion into its information systems. The Russian cybercriminal group REvil is reportedly involved in spreading the Qbot trojan and data stealer, apparently present in the Japanese firm's networks since mid-May 2021, followed by ransomware.

Read this article on lemondeinformatique.fr

Swedish Health Agency shuts down SmiNet after hacking attempts

The Swedish Public Health Agency (Folkhälsomyndigheten) has shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening.

Read this article on bleepingcomputer.com

FBI blames REvil gang for JBS ransomware hack as global meat supplier gets back to work - CyberScoop

A prolific ransomware operation known as REvil is to blame for a ransomware attack against the global meat supplier JBS, the FBI said Wednesday.

Read this article on cyberscoop.com

How the NSA used Denmark to spy on France and other European countries

Was Denmark a Trojan horse in Europe? In any case, the Danish espionage system was used by the NSA (National Security Agency) to spy, in 2012 and 2014, on senior Swedish, Norwegian, French and German officials.

USA: ransomware becomes a national priority

Last month, a hack carried out by the cybercriminal group Darkside caused the beginnings of a panic in the United States. The attackers used ransomware that managed to take down the network of Colonial Pipeline, which supplies nearly 45% of the fuel consumed on the East Coast.

Read this article on presse-citron.net

WordPress force installs Jetpack security update on 5 million sites

Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in. Jetpack is a remarkably popular WordPress plug-in that provides free security, performance, and website management features, including brute-force attack protection, site backups, secure logins, and malware scanning.

Read this article on bleepingcomputer.com

GitHub's new policies allow removal of PoC exploits used in attacks

GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service. To give some background behind the new policy changes, security researcher Nguyen Jang uploaded a proof-of-concept exploit (PoC) to GitHub in March for the Microsoft Exchange ProxyLogon vulnerability.

Read this article on bleepingcomputer.com

Firefox now autoupdates on Windows even when not running

The Windows version of Firefox can now automatically upgrade itself to the latest version in the background when the web browser is not running. "Background Update is now available on Windows. This feature will allow Firefox to update, even if it is not running," the Firefox 90.0 Beta release notes read.

Read this article on bleepingcomputer.com

Nationwide emergency call outage: victims and an audit at Orange (updated) - Le Monde Informatique

The incident that affected emergency calls following a technical problem at Orange was resolved overnight, but the system was still being monitored this morning. The temporary numbers also remain active. The Minister of the Interior deplored deaths linked to the inability to call the emergency services and ordered an external audit of the operator's handling of the outage.

Read this article on lemondeinformatique.fr

FBI, DOJ to treat ransomware attacks with similar priority as terrorism | ZDNet

The FBI and Justice Department upped the ante on the rhetoric around ransomware attacks on Thursday and Friday, telling a number of news outlets that cyberattacks will be treated with almost the same level of concern as terrorist attacks.

Read this article on zdnet.com

Interpol intercepts $83 million fighting financial cyber crime

The Interpol (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Over 40 law enforcement officers specialized in fighting cybercrime across the Asia Pacific region took part in the Interpol-coordinated Operation HAECHI-I spanning more than six months.

Read this article on bleepingcomputer.com

Latvian national charged with writing malware used by Trickbot hackers - CyberScoop

U.S. prosecutors have charged a 55-year-old Latvian national with developing computer code used in tandem with the infamous malicious software known as TrickBot, which has defrauded countless people while infecting tens of millions of computers worldwide. The defendant, known as Alla Witte, was arraigned in a federal court in Cleveland on Friday after being arrested in Miami in February, the Justice Department said.

Read this article on cyberscoop.com

Security of the Swiss Covid certificate put to a public test just before its launch (update)

While the Swiss Covid certificate is due to be rolled out gradually in the cantons from 7 June, the National Cyber Security Centre (NCSC) is launching a public test of the solution. The three providers chosen by the Confederation as technical partners for developing the solution are also now known.

Read this article on ictjournal.ch

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

Your Amazon devices will automatically share your Internet connection with your neighbors.

Read this on thehackernews.com

Like Russia, the United States is an expert in mass disinformation

The line between disparagement and lobbying is rather blurred. Disinformation campaigns about vaccines? The fault of Russia and China, according to a European Union report published last April. The rumours trying to "smear" Joe Biden during the 2020 elections? L...

Read this article on korii.slate.fr

Week of 7 June 2021

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

Read this article on cybernews.com

McDonald's discloses data breach after theft of customer, employee info

McDonald's, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan. As the world's global foodservice retailer, McDonald's serves almost hundreds of millions of customers every day in more than 39,000 locations in over 100 countries, including roughly 14,000 restaurants in the US alone.

Read this article on bleepingcomputer.com

NSW Health confirms data breached due to Accellion vulnerability | ZDNet

New South Wales Health has confirmed being impacted by a cyber-attack involving the file transfer system owned by Accellion. The system was widely used to share and store files by organisations around the world, including NSW Health, the government entity said on Friday afternoon.

Read this article on zdnet.com

Avaddon ransomware group closes shop, sends all 2,934 decryption keys to BleepingComputer | ZDNet

Avaddon ransomware group, one of the most prolific ransomware groups in 2021, has announced that they are shutting the operation down and giving thousands of victims a decryption tool for free. BleepingComputer's Lawrence Abrams said he was sent an anonymous email with a password and link to a ZIP file named, "Decryption Keys Ransomware Avaddon."

Read this article on zdnet.com

JBS Meat pays $11 million ransom to recover from ransomware attack quickly - Cybersecurity Insiders

To recover from the ransomware attack in less than a day, JBS USA has reportedly paid $11 million to hackers says a statement released by the company's CEO Andre Nogueira, on Wednesday. The meat processing business firm that is a subsidiary of Brazilian Firm JBS SA had to lose a day-long production of beef, lamb, [...]

Read this article on cybersecurity-insiders.com

This new hacker group has a nasty surprise for diplomats

Security: This new group of attackers does not pull its punches when it comes to cyber espionage. A recently discovered group of cyber attackers is targeting European, African and Middle Eastern diplomats.

Read this article on zdnet.fr

Linux system service bug lets you get root on most modern distros

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. The polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed, and a fix was released on June 3, 2021.

Read this article on bleepingcomputer.com

Testers of the federal Covid certificate uncover flaws

The ordinance on Covid certificates comes into force today, 7 June, and with it the gradual rollout of the system. The first certificates are being issued in the canton of Bern as part of a trial phase.

Read this article on ictjournal.ch

TousAntiCovid Verif, the health pass's leaky sieve [updated]

Contacted by 01net.com, IN Groupe confirmed to us that 2D-DOC data was indeed sent to a central server at each verification, but that no personal information would be stored there.

Read this article on 01net.com

800 criminals arrested in biggest ever law enforcement operation against encrypted communication

The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish Police Authority (Polisen), in cooperation with the US Drug Enforcement Administration (DEA) and 16 other countries have carried out with the support of Europol one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities.

Read this article on europol.europa.eu

FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld

The FBI has revealed how it managed to hoodwink the criminal underworld with its secretly backdoored AN0M encrypted chat app, leading to hundreds of arrests, the seizure of 32 tons of drugs, 250 firearms, 55 luxury cars, more than $148M, and even cocaine-filled pineapples.

Read this article on theregister.com

FBI uses ANOM App to capture more than 800 criminals worldwide - Cybersecurity Insiders

In what is supposed to be a mobile-based sting operation conducted by the United States Federal Bureau of Investigation (FBI) in association with Australian Police, information is out that it led to the arrest of more than 800 criminals that includes 72 most wanted criminals involved in drug mafia, cryptocurrency mining, distribution of ransomware and [...]

Read this article on cybersecurity-insiders.com

US DOJ recovers more than half of ransomware payment of Colonial Pipeline hack - Cybersecurity Insiders

In May this year, the United States fuel supplier Colonial Pipeline made a payment of $4.4 million in Bitcoins to DarkSide hacking group for freeing up its servers from the file-encrypting malware. Now, the US Department of Justice has issued a media update stating that a majority of the ransom payment was recovered from [...]

Read this article on cybersecurity-insiders.com

Network security firm COO charged with medical center cyberattack

The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC). 45-year-old Vikas Singla supposedly disrupted the health provider's Ascom phone service and network printer service and obtained information from a Hologic R2 Digitizer digitizing device in September 2018.

Read this article on bleepingcomputer.com

Huge parts of the internet facing outages | CyberNews

Multiple outages hit social media, government, and news websites across the globe on Tuesday morning, with some reports pointing to a glitch at U.S.-based cloud computing services provider Fastly. Fastly said it was investigating "the potential impact to performance with our CDN services," according to its website.

Read this article on cybernews.com

Week of 14 June 2021

Over a billion records belonging to CVS Health exposed online | ZDNet

In another example of misconfigured cloud services impacting security, over a billion records belonging to CVS Health have been exposed online. On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry.

Read this article on zdnet.com

Alibaba's Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers. The info was lifted from the site by a crawler developed by an affiliate marketer. Chinese outlet 163.com reported the case last week and today it was picked up by the Wall Street Journal.

Read this article on theregister.com

Poland blames Russia for breach, theft of Polish officials' emails

Poland's deputy prime minister Jarosław Kaczyński says last week's breach of multiple Polish officials' private email accounts was carried out from servers within the Russian Federation. "After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers, and deputies of various political options were subject to a cyber-attack," Kaczyński said in a statement published today.

Read this article on bleepingcomputer.com

Audi, Volkswagen customer data being sold on a hacking forum

Audi and Volkswagen customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container. Last week, the Volkswagen Group of America, Inc. (VWGoA) disclosed a data breach after a vendor left customer data unsecured on the Internet between August 2019 and May 2021.

Read this article on bleepingcomputer.com

Nintendo Says Another 140,000 Accounts May Have Been Exposed

Back in April, Nintendo confirmed that approximately 160,000 users had their accounts hacked. At the time, the company encouraged people to enable two-factor authentication and emailed individual customers who had been affected that it was resetting their Nintendo Network IDs (NNID). Now, after further investigation, ...

Read this article on gizmodo.com

Biden says he gave Putin list of 16 sectors that should be off-limits to hacking - CyberScoop

President Joe Biden said he gave Russian President Vladimir Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be the subject of malicious cyber activity during a meeting between the two men in Geneva on Wednesday.

Read this article on cyberscoop.com

N Korean hackers used VPN flaws to breach S Korean atomic agency

Korea Atomic Energy Research Institute (KAERI), which is a government-owned organization in South Korea, has disclosed that its internal network was targeted by cybercriminals possibly operating from North Korea. The KAERI is a Seoul-funded research institute established in 1959.

Read this article on hackread.com

Communications on early mobile phones were deliberately exposed

A recently published scientific paper, later spotted by Motherboard, has had a bombshell effect in the encryption community. Researchers believe that the technology used by mobile phones in the 1990s and 2000s was not only exposed to hackers, but was probably exposed intentionally.

Read this article on korii.slate.fr

Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents - CyberScoop

For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday. Researchers from Kaspersky and other firms only recently pieced together the activity, showing the limits of the cyber industry's knowledge of Tehran-linked hacking against those who often bear the brunt of it: Iranian citizens.

Read this article on cyberscoop.com

Peloton Bike+ vulnerability allowed complete takeover of devices

A vulnerability in the Peloton Bike+ fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone. Peloton is the manufacturer of immensely popular fitness machines, including the Peloton Bike, Peloton Bike+, and the Peloton Tread.

Read this article on bleepingcomputer.com

Three UK telco bug has customers receiving and making random calls

Customers of the Three UK telco company are panicking as they receive a series of random phone calls due to an ongoing issue. Likewise, outbound calls from customers are being routed to random strangers. Three is the fourth-largest British telecom giant and Internet Service Provider (ISP) with 13.3 million subscribers as of 2020.

Read this article on bleepingcomputer.com

Police Bust Major Ransomware Gang Cl0p

Police in Ukraine announced it arrested members of the ransomware gang that called itself Cl0p, seizing computers and cash in a major international operation.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP's victims this year alone include Stanford University Medical School, the University of California, and University of Maryland.

Read this article on krebsonsecurity.com

Repairmen suspected of installing ransomware on customers' PCs...

According to a report by Catalin Cimpanu at The Record, authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers...

Read this article on bitdefender.com

DOJ to Treat Ransomware Hacks Like Terrorism Now: Here's the Full Memo

The U.S. Department of Justice plans to take a much harsher approach when pursuing cybercriminals involved in ransomware attacks, and will investigate them using strategies similar to those currently employed against foreign and domestic terrorists. The new internal guidelines, previously reported by , were passed down to U.S.

Read this article on gizmodo.com

SEC settles with First American over massive leak of mortgage data, disclosure | ZDNet

The Securities and Exchange Commission (SEC) has agreed to a settlement with First American over the leak of millions of financial records and subsequent disclosure. Announced on Tuesday, the settlement will see the case closed in return for a $487,616 penalty and adherence to a cease-and-desist order.

Read this article on zdnet.com

As vaccine passports morph into digital IDs, privacy advocates want to know that user data is protected - CyberScoop

Tech companies and global organizations have championed health passes, sometimes known as vaccine passports, as a means to securely reopen businesses and borders as COVID-19 cases drop and vaccination rates rise. The technology is meant to serve as a secure way to prove vaccination without someone needing to present a physical vaccine card or other documentation.

Read this article on cyberscoop.com

Google force installs Massachusetts MassNotify Android COVID app

Google is force-installing a Massachusetts COVID-19 tracking app on residents' Android devices without an easy way to uninstall it. For the past few days, users have reported that Google silently installed the Massachusetts 'MassNotify' app on their devices without the ability to open it or find it in the Google Play Store.

Read this article on bleepingcomputer.com

Visa and Mastercard sign new agreements to deploy biometrics

Mastercard and Visa have announced new partnerships to deploy biometric authentication more widely. These new agreements could allow them to capitalize on this emerging trend. Both companies are opening up further to biometrics. On one side, Mastercard is partnering with FinGo, the world's first biometric identity authentication and payment platform.

Read this article on siecledigital.fr

An Akamai outage blocks access to banking and airline websites - Le Monde Informatique

About ten days after CDN provider Fastly, it is Akamai's turn to face an outage. Many sites, including American Airlines, United Airlines and Delta Airlines as well as Virgin Australia, Commonwealth Bank and the Reserve Bank of Australia, were affected.

Read this article on lemondeinformatique.fr

Week of 14 June 2021

IT solutions provider from Sweden reported it had detected hackers peeking inside a database with over 3 million COVID-19 test results.

Read this on cybernews.com

Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.

Read this article on bleepingcomputer.com

Tulsa warns of data breach after Conti ransomware leaks police citations

The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online. In early May, Tulsa suffered a ransomware attack that led to the City shutting down its network to prevent the spread of the malware.

Read this article on bleepingcomputer.com

Containers, the new prey of cybercriminals - Le Monde Informatique

For several months, cyberattacks have been growing in strength and causing ever more damage. The latest trend highlighted in Aqua Security's study shows that attackers are also successfully going after containerized and cloud-native environments.

Read this article on lemondeinformatique.fr

More than 30 million Dell computers can be hacked remotely

A set of flaws makes it possible to impersonate the UEFI update servers and, as a result, take control of the devices. Patches are available.

Doctolib transferred sensitive data to Facebook and Outbrain

According to the German outlet Mobilsicher, Doctolib reportedly sent the keywords typed by users into the platform's search engine to Facebook and Outbrain for several months. For what reasons? We do not clearly know for the moment.

Read this article on siecledigital.fr

British police make the "world's largest cryptocurrency seizure"

It was while carrying out a series of raids on hideouts used by the "launderers' gang" that officers from the brigade specializing in the fight against economic fraud came across a hoard of dirty money in virtual currencies.

Read this article on latribune.fr

Six arrested for siphoning €12 million in fraudulent COVID-19 unemployment payments from France

On 16 June, officers from the French National Gendarmerie (Gendarmerie Nationale) and the Israeli Police (משטרת ישראל‎) closed in on the members of an organised crime group running a sophisticated benefit fraud scheme on either side the Mediterranean Sea. A total of six individuals were arrested in various locations across France.

Read this article on europol.europa.eu

EU Boost against cyberattacks: EU Agency for Cybersecurity welcomes proposal for the Joint Cyber Unit

Press Release The European Union Agency for Cybersecurity welcomes the European Commission proposal to launch the new Joint Cyber Unit which will act as a platform to ensure an EU coordinated response to large-scale cyber incidents and crises.

Read this article on enisa.europa.eu

Google postpones its plan to block third-party cookies

Today, third-party cookies are considered one of the web's problems. They allow advertising networks to track users across multiple sites for advertising purposes. And currently, this type of cookie is already blocked by a good number of browsers.

Read this article on presse-citron.net