yaracroft @venom@nanao.cybtex.fr

Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States

https://www.justice.gov/usao-sdtx/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft

New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291)

https://unit42.paloaltonetworks.com/cve-2021-20291/

Michelle Dionne lost her job cleaning at an elementary school in Darwell, Alberta, after her employer ordered staff to install an app on their personal smartphones that would keep track of their location and work hours.

https://www.cbc.ca/news/gopublic/tattleware-privacy-employment-1.5978337

Custodian claims she was fired for not downloading tracking app

https://www.cbc.ca/player/play/1884082243593

Security bug allows attackers to brick kubernetes clusters

https://threatpost.com/security-bug-brick-kubernetes-clusters/165413/

On April 13, the #FBI conducted a court-authorized operation to remove hundreds of malicious web shells from vulnerable Microsoft Windows in the U.S. to disrupt the exploitation of vulnerabilities in Microsoft's email server software. However, the operation did not search for or remove additional malware or hacking tools that hacking groups may have placed on victim networks through the web shells.

https://www.ic3.gov/Media/News/2021/210414.pdf

Parents who were already struggling during the pandemic have had to deal with ransomware attacks on schools.

https://www.nbcnews.com/tech/security/parents-end-chain-ransomware-hit-rcna646

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

https://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/

Cryptocam is designed to defend against an attacker with physical access to your device after you’ve recorded videos. Encryption is done using age by Filippo Valsorda (X25519 and ChaCha20).

https://cryptocam.gitlab.io/

Indian stock trading firm Upstox has revealed to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers' personal information.

https://grahamcluley.com/upstox-warns-of-serious-data-breach-resets-passwords/

Dutch supermarkets run out of cheese after ransomware attack

https://www.bleepingcomputer.com/news/security/dutch-supermarkets-run-out-of-cheese-after-ransomware-attack/

IcedID ( BokBot ) en bonne position pour prétendre à la succession d'Emotet

https://www.lemagit.fr/actualites/252499092/Spam-malicieux-IcedID-prend-la-succession-dEmotet

Les systèmes informatiques et téléphoniques de Ville de Morières (ville-moriereslesavignon.fr) impactés par une attaque informatique suite à une infection de type ransomware.

http://www.ville-moriereslesavignon.fr/la-ville-victime-d-une-cyber-attaque

Attacco hacker al sistema informatico della concessionaria del Gruppo Gino

A firmarla il Gruppo Gino spa di Cuneo, principale dealer nel settore delle automobili della Granda, fra i più importanti a livello nazionale, che ogni anno consegna oltre 10 mila vetture di prestigiosi marchi ( Mercedes Benz , BMW , Mini , Aston Martin ), 8 filiali e 340 dipendenti tra Piemonte, Liguria e Toscana, con un fatturato da 250 milioni di euro.

https://www.lastampa.it/cuneo/2021/04/10/news/il-sistema-informatico-della-concessionaria-del-gruppo-gino-in-tilt-per-l-attacco-degli-hacker-1.40133329

La plateforme numérique iXBus de télétransmission de documents aux élus de Cannes Pays de Lérins et du Cannet. La société prestataire SRCI annonce une reprise prochaine mais avec des perturbations.

https://actu.fr/politique/alpes-maritimes-victime-d-une-cyber-attaque-le-conseil-d-agglo-de-cannes-et-du-cannet-reporte_40970431.html

🇮🇷 Iran : le complexe nucléaire de Natanz touché par un acte de « terrorisme », selon Téhéran. Un blackout électrique a eu lieu ce dimanche 11 avril 2021 mettant hors d'usage l'infrastructure. Cet incident intervient quelques heures après l'annonce du démarrage des nouvelles centrifugeuses avancées permettant d'accélérer la production d'uranium enrichi ( en violation des termes de l'accord de Vienne). Cet accident n'a fait ni morts ni blessés, une enquête a été ouverte.

https://www.upi.com/Top_News/World-News/2021/04/11/Iran-Natanz-nuclear-facility-power-outage-Iran-suspects-sabatoge/3131618158675/

Nation States, Cyberconflict and the Web of Profit

https://threatresearch.ext.hp.com/web-of-profit-nation-state-report/

This blog post details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant that now uses five files in its infection routine instead of the usual three.

https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html