yaracroft @venom@nanao.cybtex.fr

The top of the cybercriminal pyramid is represented by the #market for zero-days. It is an extremely expensive and competitive one, and it's usually been a prerogative of state-sponsored threat groups. However, certain high-profile cybercriminal groups (read: #ransomware gangs) have amassed incredible fortunes and can now compete with the traditional buyers of #0days exploits. During our investigation for this research piece we've noticed cybercriminals discussing ideas for an Exploit-as-a-Service #business model that would inevitably lower the barrier for accessing sophisticated #exploits. #vuln #cyber #threats #informatique

https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-whats-the-word-in-dark-web-forums/

Record rise in #UK #cyber attacks with a FIFTH targeted at #Covid and #vaccine research #firms, GCHQ agency reveals. #threats #informatique

https://www.dailymail.co.uk/news/article-10211343/Record-rise-UK-cyber-attacks-FIFTH-targeted-Covid-vaccine-research-firms.html

« 82% of #health systems reported experiencing an #IoT #cyber attack in last 18 months » Medigate, healthcare's leading clinical device data security and integration platform, today announced it has launched a research collaboration with CrowdStrike, a leader of cloud-delivered endpoint and workload protection. #ransomware #medical #business #informatique

https://www.prnewswire.com/news-releases/82-percent-of-health-systems-reported-experiencing-an-iot-cyberattack-in-last-18-months-301425405.html

Mi-juillet 2021, la Ville d'Erstein (ville-erstein.fr) & l'intercommunalité sont victimes d'une attaque informatique par « rançongiciel » qui fait perdre une importante quantité de données #france #ransomware #city #databreach #informatique

https://www.dna.fr/faits-divers-justice/2021/11/17/une-cyberattaque-detruit-des-annees-de-travail

🇫🇷 Le groupe français Eduservices (groupe-eduservices.fr) confronté à une #cyber attaque informatique impliquant un #ransomware. Eduservices regroupe 19 écoles d'enseignement supérieur privé ce qui représente ±30 000 étudiants : Ecole Internationale Tunon, Ipac Bachelor Factory, ISCOM, MBway, MyDigitalSchool, Win, Pigier, AFTEC, Cap Vers, ESICAD, ESPL, IPAC, Isifa Plus Values, IHECF, Ipac Design, Esimode, Acfamultimedia, Studio M, Cime Art. #france #education #campus #databreach #threats #informatique

https://www.lemagit.fr/actualites/252509557/Enseignement-superieur-le-groupe-Eduservices-touche-par-une-cyberattaque

« We are in a crisis of trust and truth » 🔥 Information disorder is a crisis that exacerbates all other crises. When bad information becomes as prevalent, persuasive, and persistent as good information, it creates a chain reaction of harm. #cyber #warfare #threats #informatique

https://www.aspeninstitute.org/wp-content/uploads/2021/11/Aspen-Institute_Commission-on-Information-Disorder_Final-Report.pdf

Since early September 2021, Josh Muir and five other maintainers of the noblox.js package, have been trying to prevent cybercriminals from distributing #ransomware through similarly named code libraries. Noblox.js is a wrapper for the Roblox API, which many gamers use to automate interactions with the hugely popular #Roblox #game platform. The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox #gamers. Ongoing #typosquatting attacks target kids as #Discord drags its feet. #cyber #gaming #threats #informatique

https://www.theregister.com/2021/11/16/nobloxjs_typosquatting_discord/

🔌 Massive #Google #Cloud #outage takes down #Spotify, #Discord, #Snapchat, and many more. #incident #technologies #digital #numérique #panne #informatique

https://www.theverge.com/2021/11/16/22785599/google-cloud-outage-spotify-discord-snapchat-google-cloud

🇧🇪 Fuite de données sur la plateforme Bruvax : la Cocom reconnaît la présence d'une faille de sécurité qui permet de connaitre le statut vaccinal de n'importe quel Bruxellois, le MR convoque Alain Maron devant le Parlement. Le gouvernement bruxellois va devoir clairement s'expliquer sur ces manquements graves au RGPD. L'association Charta 21 est à l'origine de l'alerte concernant cette violation de données caractérisée. #belgique #politics #santé #digital #europe #covid19 #medical #rgpd #health #justice #scandal #numérique #informatique

https://www.lalibre.be/belgique/societe/2021/11/16/fuite-de-donnees-sur-la-plateforme-bruvax-la-cocom-reconnait-lerreur-le-mr-convoque-alain-maron-devant-le-parlement-AZD3I2YSKJGCBHZZFZXFFRTCLU/

Today, we are sharing details of recent incidents on the npm registry, the details of our investigations. These investments include the requirement of two-factor authentication (#2FA) during #authentication for maintainers and admins of popular packages on #npm, starting with a cohort of top packages in the first quarter of 2022. #cyber #threats #informatique

https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/

AFNOR (afnor.org) hit by cyber attack with #ransomware #Ryuk « An experience you wouldn't wish to anyone... but highly instructive » #france #cyber #threats #informatique

https://www.youtube.com/watch?v=SvwHHpunXrM

Le #botnet Emotet refait surface. Pourtant, en janvier 2021, une opération internationale - chapeautée par Europol et Eurojust - avait réussi à prendre le contrôle de l'infrastructure Emotet. Les serveurs avaient été physiquement saisis par les autorités des différents pays impliqués #cyber #threats #informatique

https://www.usine-digitale.fr/article/demantele-par-europol-en-janvier-le-botnet-emotet-refait-surface.N1160362

« It's appalling » ; « What is wrong with these people in terms of the lack of security? » ; « If data has been accessed the potential for it to be copied and rendered in ways that were never contemplated escalates dramatically … That's pretty lame [saying] the data has been only accessed. » ( Ann Cavoukian ) #canada #medical #hospital #healthcare #santé #patients #records #cyber #health #employees #informatique

https://www.itworldcanada.com/article/cavoukian-on-newfoundland-cyber-attack-its-appalling/465317

La start-up française Lifen (lifen.fr)annonce une levée de fonds de 50 millions d'euros auprès de Creadev et Lauxera Capital Partners, avec la participation des investisseurs historiques Partech, Serena et la MACSF. #medical #business #informatique

https://www.dsih.fr/article/4467/lifen-leve-50m-pour-porter-la-sante-numerique-au-coeur-de-l-hopital.html

🧟 Emotet revient d'outre-tombe 🔥 #botnet #malware #spam #cyber #threats #ransomware #informatique

https://cyber.wtf/2021/11/15/guess-whos-back/

#Intel : CVE-2021-0157 & CVE-2021-0158 #vuln #informatique

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00562.html

What if a #backdoor literally cannot be seen and thus evades detection even from thorough code reviews ? Homoglyph attacks & invisible characters can pose a threat. #javacript #coding #threats #informatique

https://certitude.consulting/blog/en/invisible-backdoor/

CyrusOne & CoreSite, spécialisées dans la conception et la gestion de centres de données, vont être rachetés pour près de 19 milliards $USD au total, 25 milliards de dollars en incluant leurs dettes #usa #datacenter #business #informatique

https://www.nasdaq.com/articles/data-center-reit-merger-frenzy-sees-cyrusone-go-private-in-%2415-billion-deal-2021-11-15

« The Far-Reaching Attacks of the Void Balaur Cybermercenary Group » #cyber #threats #phishing #malware #espionage #informatique

https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf

🇧🇪 L'association Charta 21 alerte d'une violation de données flagrante. Une simple prise de rendez-vous sur la plateforme de gestion de #vaccination Bruvax permet de déduire le statut vaccinal #covid-19 de n'importe quel Bruxellois. #belgique #santé #digital #covid19 #medical #rgpd #health #justice #scandal #numérique #informatique

https://www.lesoir.be/406542/article/2021-11-16/bruxellois-votre-patron-et-votre-banquier-peuvent-savoir-si-vous-etes-vaccine