• Une faille permet (toujours) de contrôler à distance des appareils respiratoires et d’anesthésie
    https://cyberguerre.numerama.com/1569-une-faille-permet-de-controler-a-distance-des-appareils-r

    Des chercheurs spécialisés dans la cybersécurité médicale ont découvert une vulnérabilité au sein des appareils respiratoires et d’anesthésie fabriqués par General Electric. Présents dans les hôpitaux et centres médicaux des États-Unis, ces dispositifs peuvent être hackés à distance sans « nécessiter un niveau de compétences élevé » selon les chercheurs. Une affaire qui en rappelle une autre. En avril dernier, des chercheurs ont tiré la sonnette d’alarme après avoir créé un malware capable de truquer des scans de (...)

    #hacking #malware #General_Electric #santé

    ##santé
    //c1.lestechnophiles.com/cyberguerre.numerama.com//content/uploads/sites/2/2019/07/piron-guillaume-y5hQCIn1c6o-unsplash.jpg

  • Données des utilisateurs : trois quarts des applications mobiles iOS et Android présentent des vulnérabilités
    https://cyberguerre.numerama.com/1485-donnees-des-utilisateurs-trois-quarts-des-applications-mo

    Un rapport publié par Positive Technologies met en exergue les menaces et vulnérabilités liées aux applications mobiles téléchargées sur nos smartphones. Et le moins que l’on puisse dire, c’est que les hackers disposent d’un véritable terrain de jeu au regard du nombre important de failles trouvées par les chercheurs. Et si les applications mobiles de nos téléphones portables, si pratiques au quotidien, demeuraient en fait une porte d’entrée à demi-ouverte pour les pirates informatiques ? C’est ce que (...)

    #Android #malware #spyware #iOS #hacking

    //c2.lestechnophiles.com/cyberguerre.numerama.com//content/uploads/sites/2/2019/06/jonah-pettrich-1586491-unsplash.jpg

  • Vulnerabilities and threats in mobile applications, 2019
    https://www.ptsecurity.com/ww-en/analytics/mobile-application-security-threats-and-vulnerabilities-2019

    In 2018, mobile apps were downloaded onto user devices over 205 billion times. Data by Marketing Land indicates that 57 percent of total digital media time is spent on smartphones and tablets. More often than not, our daily lives depend on apps for instant messaging, online banking, business functions, and mobile account management. According to Juniper Research, the number of people using mobile banking apps is approaching two billion—around 40 percent of the world’s adult population. (...)

    #malware #smartphone #spyware #hacking

  • Infectés à la source, des smartphones Android ont été vendus avec une porte dérobée
    https://cyberguerre.numerama.com/1417-infectes-a-la-source-des-smartphones-android-ont-ete-vend

    Par la voie d’un billet publié sur son blog, Google a mis au jour une infection informatique ayant touché plusieurs smartphones Android en 2017. Les attaquants sont ainsi parvenus à installer une porte dérobée avant que les appareils mobiles ne quittent les usines de fabrication. Si le malware Triada ne vous dit rien, alors n’hésitez pas à jeter un œil aux publications d’antan de Kaspersky Lab. En 2016, la firme de cybersécurité russe décrivait ce virus comme l’un des chevaux de Troie les plus (...)

    #Google #Android #malware #smartphone #hacking #Triada

    //c0.lestechnophiles.com/cyberguerre.numerama.com//content/uploads/sites/2/2019/06/rami-al-zayat-170349-unsplash.jpg

  • NSA : des hackers chinois ont exploité l’un de ses outils d’espionnage un an avant les Shadow Brokers
    https://cyberguerre.numerama.com/1323-nsa-des-hackers-chinois-ont-exploite-lun-de-ses-outils-de

    Un groupe de hackers chinois répondant au nom de Buckeye aurait exploité l’un des logiciels malveillants de la National Security Agency (NSA) un an avant l’affaire des Shadow Brokers. Bien que l’outil d’exécution utilisé soit différent de celui des Américains. La réputation de la National Security Agency (NSA), célèbre agence de renseignements américaine, prend un nouveau coup. Fin 2017, le groupe de hackers Shadow Brokers levait le voile sur plusieurs outils d’espionnage appartenant à l’Equation Group, (...)

    #NSA #malware #hacking

    //c0.lestechnophiles.com/cyberguerre.numerama.com//content/uploads/sites/2/2019/05/adi-constantin-65004-unsplash.jpg

  • The Complete Mercenary
    https://theintercept.com/2019/05/03/erik-prince-trump-uae-project-veritas

    How Erik Prince Used the Rise of Trump to Make an Improbable Comeback When Erik Prince arrived at the Four Seasons resort in the Seychelles in January 2017 for his now-famous meetings with a Russian banker and UAE ruler Mohammed bin Zayed, he was in the middle of an unexpected comeback. The election of Donald Trump had given the disgraced Blackwater founder a new opportunity to prove himself. After years of trying and failing to peddle a sweeping vision of mercenary warfare around the (...)

    #militarisation #activisme #sécuritaire #US_Defense_Intelligence_Agency_(DIA) #CIA #manipulation #écoutes #web #surveillance (...)

    ##US_Defense_Intelligence_Agency__DIA_ ##malware

  • A rhetorical question about the effectiveness of our #security solutions
    https://hackernoon.com/a-rhetorical-question-about-the-effectiveness-of-our-security-solutions-

    If our approach to cyber security is working, why in 2019, are we reading about hacking, social engineering and data breaches every day? Every day?I know it’s easier to attack than it is to defend, but we all know in the industry that many of the successful attacks can be prevented. Unfortunately, “PEOPLE” are the weakest link in the chain of our security solutions. And unfortunately, telling PEOPLE not to open emails from people they don’t recognize doesn’t stop them from… you know,… opening emails from people they don’t recognize. And telling them to “check the URL” is the single worst piece of advice you can give to anyone.Below are domains that are available right now for purchase. Buy one and then get yourself a free SSL cert from Let’s Encrypt. That will fool 99.9% of everyone you test, (...)

    #phishing #cybersecurity #ransomware #malware

  • Mapping #trickbot and RevengeRAT with MITRE ATT&CK and AlienVault USM Anywhere
    https://hackernoon.com/mapping-trickbot-and-revengerat-with-mitre-att-ck-and-alienvault-usm-any

    MITRE ATT&CK™ (Adversarial Tactics, Techniques and Common Knowledge) is a framework for understanding attackers’ behaviors and actions.We are pleased to announce that AlienVault USM Anywhere and Open Threat Exchange (OTX) now include MITRE ATT&CK™ information. By mapping alarms to their corresponding ATT&CK techniques, we are assisting in prioritizing analysis work by understanding the context and scope of an attack.Below we’ve outlined how this new capability can help you investigate two threats — TrickBot and RevengeRat.Mapping a Trickbot infection with ATT&CKTrickbot is a #malware family that was discovered a few years ago targeting the banking industry, but following some investigations, it is still active and evolving. The malware is usually delivered using attached Office (...)

    #mitre-attack #threat-intelligence #security

  • 40% of malicious URLs were found on good domains - Help Net Security
    https://www.helpnetsecurity.com/2019/03/01/malicious-urls-good-domains

    40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.

    Home user devices are more than twice as likely to get infected as business devices. Sixty-eight percent of infections are seen on consumer endpoints, versus 32 percent on business endpoints.

    Phishing attacks increased 36 percent, with the number of phishing sites growing 220 percent over the course of 2018. Phishing sites now use SSL certificates and HTTPS to trick internet users into believing they are secure, legitimate pages. Seventy-seven percent of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets. In fact, for some of the targeted financial institutions, over 80 percent of the phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall.

    After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations that combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.

    Nearly a third of malware tries to install itself in %appdata% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime for hiding malware because these paths are in every user directory with full user permissions to install there. These folders also are hidden by default on Windows Vista and up.

    Devices that use Windows 10 are at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business.

    “We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program,” said Hal Lonas, CTO, Webroot.

    malicious URLs good domains

    Despite the decrease in cryptocurrency prices, cryptomining and cryptojacking are on the rise. The number of cryptojacking URLs Webroot saw each month in the first half of the year more than doubled in the period from September through December 2018. These techniques can be more lucrative than ransomware attacks, since they don’t require waiting for the user to pay the ransom, and they have a smaller footprint. As far as web-based cryptojacking, Coinhive still dominates with more than 80 percent market share, though some new copycat cryptojacking scripts are gaining in popularity.

    While ransomware was less of a problem in 2018, it became more targeted. We expect major commodity ransomware to decline further in 2019; however, new ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware. Many ransomware attacks in 2018 used the Remote Desktop Protocol (RDP) as an attack vector, leveraging tools such as Shodan to scan for systems with inadequate RDP settings. These unsecured RDP connections may be used to gain access to a given system and browse all its data as well as shared drives, providing criminals enough intel to decide whether to deploy ransomware or some other type of malware.

    #Cybersécurité #Phishing #Malware

  • Des milliers de correspondances confidentielles de diplomates européens ont été piratées
    https://www.lemonde.fr/pixels/article/2018/12/19/des-milliers-de-correspondances-confidentielles-de-diplomates-europeens-ont-

    Les pirates, soupçonnés d’avoir été employés par la Chine, ont eu accès au système pendant au moins trois ans, a révélé le « New York Times ». Des pirates informatiques ont infiltré pendant au moins trois ans le réseau de communication diplomatique de l’Union européenne (UE) et ont téléchargé des milliers de câbles (des correspondances entre diplomates censées rester confidentielles) échangés entre les ambassades et les représentants des pays de l’UE. Des courriers dans lesquels ils décrivent et commentent les (...)

    #NSA #malware #spyware #écoutes #hacking

  • Malware Analysis using #osquery | Part 3
    https://hackernoon.com/malware-analysis-using-osquery-part-3-9dc805b67d16?source=rss----3a8144e

    Malware Analysis using OsqueryThis is part 3. In part 1 of this blog series, we analyzed malware behaviour, and, in part 2, we learned how to detect persistence tricks used in malware attacks. Still, there are more types of events that we can observe with Osquery when malicious activity happens. So, in the last blog post of the series, we will discuss how to detect another example of a technique used in a malware attack, one that involves installing a root certificate in the system that can be used to intercept information transmitted over secure TLS/SSL communications (man in the middle). We will also see how to use the Alienvault Agent and Alienvault USM Anywhere to create custom rules and detect malicious activity in your environment.Detecting newly installed root certificatesRoot (...)

    #blue-team #security #malware-analysis #windows

  • Shamoon, le malware qui terrorise les sociétés pétrolières, en embuscade en Italie
    https://cyberguerre.numerama.com/305-shamoon-le-malware-qui-terrorise-les-societes-petrolieres-

    L’un des logiciels les plus dangereux du monde a refait surface en Italie. Shamoon serait responsable d’une vaste attaque de la compagnie Saipem, liée au secteur pétrolier. La notoriété du malware destructeur Shamoon s’est faite au Moyen-Orient. Connu pour être un des logiciels parmi les plus dangereux du monde, le code malfaisant fut derrière l’immobilisation — à deux reprises — de la Saudi Aramco. La firme pétrolière avait vu ses données détruites et remplacées provoquant de lourds dégâts financiers. (...)

    #malware #hacking #Shamoon #Saipem #Aramco

    //c0.lestechnophiles.com/cyberguerre.numerama.com//content/uploads/sites/2/2018/12/4648545892_7ac77ca30d_b.jpg

  • Shamoon malware destroys data at Italian oil and gas company
    https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company

    A new variant of the Shamoon malware was discovered on the network of Italian oil and gas contractor Saipem, where it destroyed files on about ten percent of the company’s PC fleet, ZDNet has learned. The vast majority of the affected systems were located in the Middle East, where Saipem does a vast majority of its business, but infections were also reported in India, Italy, and Scotland. Shamoon is one of the most dangerous strains of malware known to date. It was first deployed in two (...)

    #Saipem #Aramco #malware #Shamoon #hacking

  • Israeli cyber firm negotiated advanced attack capabilities sale with Saudis, Haaretz reveals

    Just months before crown prince launched a purge against his opponents, NSO offered Saudi intelligence officials a system to hack into cellular phones ■ NSO: We abide the law, our products are used to combat crime and terrorism

    https://www.haaretz.com/israel-news/.premium-israeli-company-negotiated-to-sell-advanced-cybertech-to-the-saudi

    The Israeli company NSO Group Technologies offered Saudi Arabia a system that hacks cellphones, a few months before Crown Prince Mohammed bin Salman began his purge of regime opponents, according to a complaint to the Israel Police now under investigation.
    But NSO, whose development headquarters is in Herzliya, says that it has acted according to the law and its products are used in the fight against crime and terror.
    To really understand Israel and the Middle East - subscribe to Haaretz
    Either way, a Haaretz investigation based on testimony and photos, as well as travel and legal documents, reveals the Saudis’ behind-the-scenes attempts to buy Israeli technology.
    In June 2017, a diverse group gathered in a hotel room in Vienna, a city between East and West that for decades has been a center for espionage, defense-procurement contacts and unofficial diplomatic meetings.
    Keep updated: Sign up to our newsletter
    Email* Sign up

    Arriving at the hotel were Abdullah al-Malihi, a close associate of Prince Turki al-Faisal – a former head of Saudi Arabia’s intelligence services – and another senior Saudi official, Nasser al-Qahtani, who presented himself as the deputy of the current intelligence chief. Their interlocutors were two Israeli businessmen, representatives of NSO, who presented to the Saudis highly advanced technology.

    >> Israel’s cyber-spy industry helps world dictators hunt dissidents and gays | Revealed
    In 2017, NSO was avidly promoting its new technology, its Pegasus 3 software, an espionage tool so sophisticated that it does not depend on the victim clicking on a link before the phone is breached.
    During the June 2017 meeting, NSO officials showed a PowerPoint presentation of the system’s capabilities. To demonstrate it, they asked Qahtani to go to a nearby mall, buy an iPhone and give them its number. During that meeting they showed how this was enough to hack into the new phone and record and photograph the participants in the meeting.
    The meeting in Vienna wasn’t the first one between the two sides. Prime Minister Benjamin Netanyahu has recently expressed pride in the tightening ties with Gulf states, with Israel’s strength its technology. The message is clear: Israel is willing to sell these countries security-related technologies, and they forge closer ties with Israel in the strategic battle against Iran.
    >> $6 billion of Iranian money: Why Israeli firm Black Cube really went after Obama’s team
    According to the complaint, the affair began with a phone call received by a man identified as a European businessman with connections in the Gulf states. On the line was W., an Israeli dealing in defense-related technologies and who operates through Cyprus-based companies. (Many defense-related companies do business in Cyprus because of its favorable tax laws.) W. asked his European interlocutor to help him do business in the Gulf.

    FILE Photo: Two of the founders of NSO, Shalev Julio and Omri Lavi.
    Among the European businessman’s acquaintances were the two senior Saudi officials, Malihi and Qahtani.
    On February 1, 2017, W. and the businessman met for the first time. The main topic was the marketing of cyberattack software. Unlike ordinary weapons systems, the price depends only on a customer’s eagerness to buy the system.
    The following month, the European businessman traveled to a weapons exhibition in the United Arab Emirates, where a friend introduced him to Malihi, the Saudi businessman.
    In April 2017, a meeting was arranged in Vienna between Malihi, Qahtani and representatives of Israeli companies. Two more meetings subsequently took place with officials of Israeli companies in which other Israelis were present. These meetings took place at the Four Seasons Hotel in Limassol, Cyprus, where Israeli cybercompanies often meet with foreign clients.
    >> Snowden: Israeli firm’s spyware was used to track Khashoggi
    The meetings were attended by W. and his son. They were apparently friendly: In photographs documenting one of them, W. and Qahtani are shown after a hunting trip, with the Saudi aiming a rifle at a dead animal.
    In the Vienna meeting of April 2017, the Saudis presented a list of 23 systems they sought to acquire. Their main interest was cybersystems. For a few dozens of millions of dollars, they would be able to hack into the phones of regime opponents in Saudi Arabia and around the world and collect classified information about them.
    According to the European businessman, the Saudis, already at the first meeting, passed along to the representatives of one of the companies details of a Twitter account of a person who had tweeted against the regime. They wanted to know who was behind the account, but the Israeli company refused to say.

    Offices of Israeli NSO Group company in Herzliya, Israel, Aug. 25, 2016Daniella Cheslow/AP
    In the June 2017 meeting, the Saudis expressed interest in NSO’s technology.
    According to the European businessman, in July 2017 another meeting was held between the parties, the first at W.’s home in Cyprus. W. proposed selling Pegasus 3 software to the Saudis for $208 million.
    Malihi subsequently contacted W. and invited him to Riyadh to present the software to members of the royal family. The department that oversees defense exports in Israel’s Defense Ministry and the ministry’s department for defense assistance, responsible for encouraging exports, refused to approve W.’s trip.
    Using the initials for the defense assistance department, W. reportedly said “screw the D.A.” and chartered a small plane, taking with him NSO’s founder, Shalev Hulio, to the meetings in the Gulf. According to the European businessman, the pair were there for three days, beginning on July 18, 2017.
    At these meetings, the European businessman said, an agreement was made to sell the Pegasus 3 to the Saudis for $55 million.
    According to the European businessman, the details of the deal became known to him only through his contacts in the defense assistance department. He said he had agreed orally with W. that his commission in the deal would be 5 percent – $2.75 million.
    But W. and his son stopped answering the European businessman’s phone calls. Later, the businessman told the police, he received an email from W.’s lawyer that contained a fake contract in which the company would agree to pay only his expenses and to consider whether to pay him a bonus if the deal went through.
    The European businessman, assisted by an Israeli lawyer, filed a complaint in April 2018. He was questioned by the police’s national fraud squad and was told that the affair had been transferred to another unit specializing in such matters. Since then he has been contacted by the income tax authorities, who are apparently checking whether there has been any unreported income from the deal.
    The European businessman’s claims seem to be substantiated by correspondence Haaretz has obtained between Cem Koksal, a Turkish businessman living in the UAE, and W.’s lawyers in Israel. The European businessman said in his complaint that Koksal was involved in mediating the deal.
    In a letter sent by Koksal’s lawyer in February of this year, he demanded his portion from W. In a response letter, sent in early March, W.’s attorney denied the existence of the deal. The deal had not been signed, the letter claimed, due to Koksal’s negligence, therefore he was due no commission or compensation of any kind.
    These issues have a wider context. From the claims by the European businessman and Koksal’s letter, it emerges that the deal was signed in the summer of 2017, a few months before Crown Prince Mohammed began his purge of regime opponents. During that purge, the Saudi regime arrested and tortured members of the royal family and Saudi businessmen accused of corruption. The Saudis also held Lebanese Prime Minister Saad al-Hariri for a few days in a Riyadh hotel.
    In the following months the Saudis continued their hunt for regime opponents living abroad, which raised international attention only when the murder of journalist Jamal Khashoggi in the Saudi Consulate in Istanbul came to light in October.
    It has recently been claimed that NSO helped the Saudi regime surveil its opponents. According to an article in Forbes magazine and reports from the Canadian cyber-related think tank Citizen Lab, among the surveillance targets were the satirist Ghanem Almasrir and human rights activist Yahya Asiri, who live in London, and Omar Abdulaziz, who lives in exile in Canada.
    These three men were in contact with Khashoggi. Last month, Edward Snowden, who uncovered the classified surveillance program of the U.S. National Security Agency, claimed that Pegasus had been used by the Saudi authorities to surveil Khashoggi.
    “They are the worst of the worst,” Snowden said of NSO, whose people he accused of aiding and abetting human rights violations.
    NSO’s founders and chief executives are Omri Lavie and Shalev Hulio. The company is registered in Cyprus but its development headquarters is in Herzliya. In 2014 the company was sold to private equity firm Francisco Partners based on a valuation of $250 million.
    Francisco Partners did not respond to Haaretz’s request for comment.
    In May, Verint Systems offered to buy NSO for $1 billion, but the offer was rejected. The company is awash in cash. Earlier this month all its employees went on vacation in Phuket, Thailand. Netta Barzilai, Lior Suchard, the Ma Kashur Trio and the band Infected Mushroom were also flown there to entertain them.
    The Pegasus system developed by NSO was a “one-click system,” meaning that the victim had to press on a link sent to him through phishing. The new system no longer requires this. Only the number of the SIM card is needed to hack into the phone. It’s unknown how Pegasus does this.
    Technology sources believe that the technology either exploits breaches in the cellphone’s modem, the part that receives messages from the antenna, or security breaches in the apps installed on a phone. As soon as a phone is hacked, the speaker and camera can be used for recording conversations. Even encoded apps such as WhatsApp can be monitored.
    NSO’s operations are extremely profitable.
    The company, which conceals its client list, has been linked to countries that violate human rights. NSO says its products are used in the fight against crime and terror, but in certain countries the authorities identify anti-regime activists and journalists as terrorists and subject them to surveillance.
    In 2012, NSO sold an earlier version of Pegasus to Mexico to help it combat the drug cartel in that country. According to the company, all its contracts include a clause specifically permitting the use of its software only to “investigate and prevent crime or acts of terror.” But The New York Times reported in 2016 that the Mexican authorities also surveilled journalists and lawyers.
    Following that report, Mexican victims of the surveillance filed a lawsuit in Israel against NSO last September. This year, The New York Times reported that the software had been sold to the UAE, where it helped the authorities track leaders of neighboring countries as well as a London newspaper editor.
    In response to these reports, NSO said it “operated and operates solely in compliance with defense export laws and under the guidelines and close oversight of all elements of the defense establishment, including all matters relating to export policies and licenses.
    “The information presented by Haaretz about the company and its products and their use is wrong, based on partial rumors and gossip. The presentation distorts reality.
    “The company has an independent, external ethics committee such as no other company like it has. It includes experts in legal affairs and international relations. The committee examines every deal so that the use of the system will take place only according to permitted objectives of investigating and preventing terror and crime.
    “The company’s products assist law enforcement agencies in protecting people around the world from terror attacks, drug cartels, child kidnappers for ransom, pedophiles, and other criminals and terrorists.
    “In contrast to newspaper reports, the company does not sell its products or allow their use in many countries. Moreover, the company greatly limits the extent to which its customers use its products and is not involved in the operation of the systems by customers.”
    A statement on W.’s behalf said: “This is a false and completely baseless complaint, leverage for an act of extortion by the complainants, knowing that there is no basis for their claims and that if they would turn to the relevant courts they would be immediately rejected.”

  • Quebec Artopex pris en otage par des pirates informatiques Ugo Giguère - La Presse canadienne - 26 septembre 2018 - Le Devoir
    https://www.ledevoir.com/economie/537659/artopex-pris-en-otage-par-des-pirates-informatiques

    Quatre des cinq usines québécoises du fabricant de meubles Artopex, l’un des plus gros joueurs dans le marché du mobilier de bureau, ont été temporairement paralysées par une attaque de pirates informatiques qui ont pris leurs données en otage.

    Le président de l’entreprise établie à Granby, Daniel Pelletier, a confirmé à La Presse canadienne que le virus informatique a infiltré les systèmes des usines situées à Granby, Sherbrooke et Laval, le 19 septembre dernier. D’après M. Pelletier, la production a été perturbée durant une période d’environ 48 heures, mais il soutient que seules quelques commandes ont souffert du ralentissement des activités. « On avait déjà préparé un plan de contingence en cas d’attaque informatique, alors on a réussi à redémarrer nos affaires », explique le patron d’Artopex, qui compte plus de 740 employés et figure au palmarès des 50 entreprises les mieux gérées au Canada depuis 11 ans.


    Photo : iStock

    L’entreprise n’est jamais entrée en communication avec les fraudeurs, assure son président. « La demande de rançon vient si tu veux faire décrypter tes données, mais on a déployé notre plan », décrit l’homme d’affaires. La tentative de fraude a rapidement été dénoncée auprès des autorités policières et du Centre antifraude du Canada. Une vaste opération de nettoyage de l’ensemble des serveurs et de remise en fonction des données sauvegardées a cependant été nécessaire avant que les activités puissent reprendre.

    Environ une semaine après l’incident, vraisemblablement provoqué par un courriel malicieux envoyé à un employé, Artopex fonctionnerait à 95 % de ses capacités, aux dires de son plus haut dirigeant. L’entreprise soutient par ailleurs ne pas s’être fait voler d’informations. Des renseignements confidentiels sur ses employés et ses clients auraient pu tomber en de mauvaises mains, mais la compagnie dit être certaine que rien n’a été dérobé.

    Il s’agirait de la toute première expérience du genre pour l’entreprise familiale fondée en 1980.

    Selon les informations disponibles sur le site Internet de la Gendarmerie royale du Canada, les attaques de rançongiciels seraient constamment en hausse. La GRC révèle que 1600 cas ont été recensés en 2015 et que ce chiffre aurait doublé en 2016. Ce qui exclut bien sûr tous les incidents non déclarés. Dans la même veine, Statistique Canada rapporte que parmi les cybercrimes déclarés par la police, les cas de fraudes sont passés de 7332 en 2014 à 11 383 en 2016, alors que les cas d’extorsion sont passés de 441 en 2014 à 797 en 2016.

    #ransomware #spam #spams #les_poètes_du_spam #internet #malware

  • #satan #ransomware Spawns New Methods to Spread
    https://hackernoon.com/satan-ransomware-spawns-new-methods-to-spread-4136647145e?source=rss----

    Today, we are sharing an example of how previously known malware keeps evolving and adding new techniques to infect more systems.BleepingComputer first reported on Satan ransomware in January 2017. Recently, Satan Ransomware was identified as using the #eternalblue exploit to spread across compromised environments (BartBlaze’s blog). This is the same exploit associated with a previous WannaCry Ransomware campaign. While Microsoft patched the vulnerability associated with EternalBlue in March 2017, many environments remain vulnerable.Unusually, we’ve identified samples of Satan Ransomware that not only include EternalBlue, but also a far larger set of propagation methods:This Satan variant attempts to propagate through:JBoss CVE-2017–12149Weblogic CVE-2017–10271EternalBlue exploit (...)

    #malware-analysis #security

  • Pakistan. Les défenseurs des droits humains sont la cible d’une campagne de cyberattaques et de surveillance
    https://www.amnesty.org/fr/latest/news/2018/05/pakistan-campaign-of-hacking-spyware-and-surveillance-targets-human-rights-

    Les défenseurs des droits humains au Pakistan sont la cible d’une campagne de cyberattaques : leurs comptes de réseaux sociaux sont piratés et leurs ordinateurs et téléphones portables infectés par des logiciels espions, révèle une enquête menée par Amnesty International pendant quatre mois. Dans un nouveau rapport rendu public le 15 mai, Human Rights Under Surveillance : Digital Threats against Human Rights Defenders in Pakistan, Amnesty International révèle que les pirates utilisent de fausses (...)

    #malware #spyware #surveillance #activisme #Amnesty

  • Sophisticated Android malware tracks all your phone activities
    https://www.engadget.com/2018/05/07/zoopark-android-malware-exfiltration

    It targets Middle East victims for cyber espionage purposes. An advanced type of malware can spy on nearly every Android smartphone function and steal passwords, photos, video, screenshots and data from WhatsApp, Telegram and other apps. “ZooPark” targets subjects in the Middle East and was likely developed by a state actor, according to Kaspersky Lab, which first spotted and identified it. ZooPark has evolved over four generations, having started as simple malware that could “only” steal (...)

    #WhatsApp #Telegram #Android #malware #hacking

  • Bayern führt die Unendlichkeitshaft ein!! Personen, die keine Straf...
    https://diasp.eu/p/6967870

    Bayern führt die Unendlichkeitshaft ein!!

    Personen, die keine Straftat begangen haben, aber im Verdacht stehen, dies zu tun, können in Zukunft präventiv in Gewahrsam genommen werden!

    http://www.sueddeutsche.de/bayern/bayern-gefaehrder-gesetz-verschaerft-1.3595274

    #Staatstrojaner #Bundeskriminalamt #Online-Durchsuchungen #Telekommunikationsüberwachung #Überwachung #Trojaner #datenschutzrecht #Strafverfolgung #Internet-Telefonate IT-Unsicherheit #Bundestrojaner #Quellen-TKÜ #FinFisher-Hersteller Gamma #Informationstechnik #Sicherheitsbehörden #durchsuchen #Rechtsgrundlagen #Netzpolitik #BND #NSA #IT-Security #Malware #Firewall (...)

  • Citizen Lab dénonce des redirections invisibles des internautes en Turquie et Égypte
    https://www.nextinpact.com/brief/citizenlab-denonce-des-redirections-invisibles-des-internautes-en-turqui

    Ce sont des accusations fortes portées par le laboratoire canadien, basé à Toronto. La Turquie utiliserait des équipements DPI (deek packet inspection) de Procera Networks, impactant du même coup la Syrie. L’Égypte ferait de même, mais avec des produits Sandvine. En Turquie, Citizen Lab aurait ainsi découvert la présence d’équipements sur le réseau de Turk Telekom. Des internautes turques et syriens étaient ainsi redirigés vers des pages contenant des malwares alors qu’ils souhaitaient initialement (...)

    #Sandvine/Procera #TurkTelecom #Deep_Packet_Inspection_(DPI) #malware #spyware #sécuritaire #web #surveillance #phishing (...)

    ##Sandvine/Procera ##Deep_Packet_Inspection__DPI_ ##CitizenLab

  • Der Angriff auf die IT-Infrastruktur der Olympischen Spiele in Pyeo...
    https://diasp.eu/p/6842079

    Der Angriff auf die IT-Infrastruktur der Olympischen Spiele in Pyeongchang war wohl nur eine Übung darin, anderen einen Cyberangriff in die Schuhe zu schieben. Das jedenfalls legen neue Erkenntnisse von Forschern nahe, die Zugang zu der Malware hatten. Olympic Destroyer: Hackerangriff auf die Olympischen Spiele lief unter falscher Flagge #Hackerangriff #Kaspersky #Lazarus #Malware #OlympicDestroyer #OlympischeSpiele #Pyeongchang

  • Plus de 40 modèles de smartphones chinois sortent d’usine avec un malware préinstallé
    https://www.numerama.com/tech/333873-plus-de-40-modeles-de-smartphones-chinois-sortent-dusine-avec-un-ma

    Un malware est préinstallé dans la ROM d’une quarantaine de smartphones chinois. Et vous ne pouvez pas y faire grand-chose. Il serait difficile pour nous de vous conseiller l’installation d’un antivirus sur Android — le mieux est d’adopter une pratique saine du smartphone et de ne pas accepter n’importe quelle autorisation ou d’installer des applications qui paraissent louches, surtout en dehors du Google Play. Mais Dr.Web, entreprise russe spécialisée dans les solutions de protection logicielle, a (...)

    #Trojan #Android #malware #hacking

  • How UK Spies Hacked a European Ally and Got Away With It
    https://theintercept.com/2018/02/17/gchq-belgacom-investigation-europe-hack

    For a moment, it seemed the hackers had slipped up and exposed their identities. It was the summer of 2013, and European investigators were looking into an unprecedented breach of Belgium’s telecommunications infrastructure. They believed they were on the trail of the people responsible. But it would soon become clear that they were chasing ghosts – fake names that had been invented by British spies. The hack had targeted Belgacom, Belgium’s largest telecommunications provider, which serves (...)

    #Belgacom #GCHQ #Proximus #malware #hacking

  • JavaScript Cryptomining Scripts Discovered in 19 Google Play Apps
    https://www.bleepingcomputer.com/news/security/javascript-cryptomining-scripts-discovered-in-19-google-play-apps

    There doesn’t appear to be an end in sight for the cryptojacking scourge affecting all facets of the web right now.

    If you’re not bored already of reading yet another incident where miscreants deployed the Coinhive in-browser script to mine Monero behind users’ backs, then this article might interest you.
    Coinhive found inside Play Store apps

    Our article is based on a 13-page report published last week by UK cyber-security firm Sophos. According to the company, its engineers discovered 19 Android applications that were uploaded and made available through the official Google Play Store.

    #Cryptomonnaie #Cryptojacking #Malware