Voici les incidents majeurs concernant des pertes ou des vols de données découverts la semaine passée.
Vous retrouvez ci-dessous les liens directs vers les articles les plus intéressants. Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !
Les actus sélectionnées cette semaine
The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.
270GB of New York Times Internal Data and Source Code Leaked
An anonymous hacker has claimed to have leaked 270 GB of internal data and source code from The New York Times (NYT) on the controversial image board 4chan.
TikTok says it fixed a vulnerability that enabled a cyberattack on high-profile accounts
TikTok has stopped the malware attacks targeting high-profile users like CNN and Paris Hilton. The cyberattack involved direct messages laced with malicious code.
Plus de 600 000 données volées : une cyberattaque aurait frappé la marque française Zadig & Voltaire
Plus de 600 000 fichiers clients volés à Zadig & Voltaire sont apparus sur un forum de pirates. La fuite contient une montagne de données personnelles sur les utilisateurs, accentuant les risques de phishing et d’usurpation d’identité en France.
Hotel Kiosks Vulnerability Exposed Guest Data, Room Access
A security vulnerability in Ariane Allegro Hotel Check-In Kiosks exposed guest data and room access – Patch is now available!
CySecurity News – Latest Information Security and Hacking Incidents: EU Accuses Microsoft of Secretly Harvesting Children’s Data
EU has filed two complaints against Microsoft under Article 77 of the GDPR, alleging that the tech giant breached school children’s privacy rights.
Un prestataire externe de la Ville d’Yverdon-les-Bains victime d’une cyberattaque
Un prestataire externe du Service des énergies de la ville d’Yverdon-les-Bains (VD) a été victime fin mai d’une cyberattaque. Près de 12’300 particuliers et entreprises pourraient être concernés. Mais à ce stade, rien n’indique que des données aient été consultées ou copiées.
Malware can steal data collected by the Windows Recall tool
Cybersecurity researchers demonstrated how malware could potentially steal data collected by the new Windows Recall feature.
361 million stolen accounts leaked on Telegram added to HIBP
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised.
Australian mining company discloses breach after BianLian leaks data
Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web.
Ukraine says hackers abuse SyncThing tool to steal data
The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed “SickSync,” launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.
Vulnerability in Cisco Webex cloud service exposed government authorities, companies – Help Net Security
A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.
Hackers Leak 221,470 Users’ Data in “Tech in Asia” News Outlet Breach
A database owned by Tech in Asia, a tech news outlet focusing on startups and tech innovations across Asia, has allegedly been compromised.
Crimson Palace: Chinese Hackers Steal Military Secrets Over 2 Years
Sophos uncovers “Operation Crimson Palace, a long-term cyberespionage effort targeting a Southeast Asian government.
CySecurity News – Latest Information Security and Hacking Incidents: First American Reveals Impact of December Cyberattack
The attack occurred less than a month after First American was fined $1 million.
CySecurity News – Latest Information Security and Hacking Incidents: Google Leak Reveals Concerning Privacy Practices
Read ahead to know how concerned we should really be about privacy.
Collection agency FBCS ups data breach tally to 3.2 million people
Debt collection agency Financial Business and Consumer Solutions (FBCS) now says over 3.2 million people have been impacted by a data breach that occurred in February.
Los Angeles Unified School District investigates data theft claims
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor’s claims that they’re selling stolen databases containing records belonging to millions of students and thousands of teachers.