{"id":28,"date":"2019-06-07T11:57:56","date_gmt":"2019-06-07T09:57:56","guid":{"rendered":"http:\/\/www.iicrai.org\/?p=28"},"modified":"2019-06-09T18:41:11","modified_gmt":"2019-06-09T16:41:11","slug":"press-review-05072019","status":"publish","type":"post","link":"https:\/\/www.iicrai.org\/fr\/press-review-05072019\/","title":{"rendered":"Revue de presse Cybersecurit\u00e9 07 Juin 2019"},"content":{"rendered":"

\u00a0<\/span><\/p>\n

\n

Cybers\u00e9curit\u00e9 Revue de presse<\/strong><\/p>\n<\/div>\n

IICRAI<\/strong><\/p>\n

Vendredi 07 juin 2019<\/span><\/strong><\/p>\n

\n

CYBERCRIME<\/span><\/strong><\/p>\n<\/div>\n

Google admits advanced backdoors installed on Android devices<\/span><\/em><\/strong><\/p>\n

Google has declared on an official note that some of the low-end smartphones operating on Android OS mighthaveadvanced backdoors preinstalled in them from manufacturing factories.<\/span><\/p>\n

Cybersecurity-Insiders.com<\/span><\/a><\/span><\/p>\n

\n
\n

MALWARE<\/span><\/strong><\/p>\n<\/div>\n

The RIG Exploit Kit is Now Pushing the Buran Ransomware<\/span><\/em><\/strong><\/p>\n

The RIG exploit kit is now infecting victim’s computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.<\/span><\/p>\n

Bleepingcomputer.com<\/span><\/a><\/span><\/p>\n

\n

GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers<\/span><\/em><\/strong><\/p>\n

RDP, the remote desktop protocol, made the news recently after Microsoft patched a critical remote code execution vulnerability (CVE-2019-0708). While the reporting around this \u00ab\u00a0Bluekeep\u00a0\u00bb vulnerability focused on patching vulnerable servers, exposing RDP to the Internet has never been a good idea.<\/span><\/p>\n

Isc.sans.edu<\/span><\/a><\/span><\/p>\n

Zdnet.fr<\/span><\/a><\/span><\/p>\n

\n

Doctor Web pr\u00e9sente son Rapport viral sur les menaces ayant cibl\u00e9 les appareils mobiles au cours du mois de mai 2019<\/span><\/em><\/strong><\/p>\n

Le mois dernier, les utilisateurs d\u2019Android se sont vus \u00e0 nouveau menac\u00e9s par des logiciels malveillants diffus\u00e9s via Google Play. Parmi les menaces d\u00e9tect\u00e9es, on voit les chevaux de Troie publicitaires Android.HiddenAds et les spywares Android.SmsSpy qui interceptent des SMS.<\/span><\/p>\n

News.drweb.fr<\/span><\/a><\/span><\/p>\n

\n
\n

CRYPTO-CURRENCY<\/span><\/strong><\/p>\n<\/div>\n

Hackers steal $9.5 million from GateHub cryptocurrency wallets<\/span><\/strong><\/em><\/p>\n

Hackers have stolen 23.2 million Ripple coins (XRP), worth nearly $9.5 million, from the users of the GateHub cryptocurrency wallet service.
\nThe company admitted to the security breach in a preliminary statement posted on its website.<\/span><\/p>\n

Zdnet.com<\/span><\/a><\/span><\/p>\n

Gatehub.net<\/span><\/a><\/span><\/p>\n

\n

Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds<\/span><\/strong><\/em><\/p>\n

If you’re a cryptocurrency startup, would you face a huge backlash by hacking your own customers to keep their funds safe if you know that a hacker is about to launch an attack and steal their funds?
\nThis is exactly what happened yesterday when the Komodo Platform learned about a backdoor in one of its older wallet apps named Agama.<\/span><\/p>\n

Zdnet.com<\/span><\/a><\/span><\/p>\n

\n
\n

VULNERABILITIES<\/span><\/strong><\/p>\n<\/div>\n

New RCE vulnerability impacts nearly half of the internet’s email servers<\/span><\/p>\n

A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today.
\nThe vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.<\/span><\/p>\n

Zdnet.com<\/span><\/a><\/span><\/p>\n

\n
\n

DATA BREACH<\/span><\/strong><\/p>\n<\/div>\n

7.7 million LabCorp records stolen in same hack affecting Quest<\/span><\/strong><\/em><\/p>\n

The Burlington, North Carolina-based medical giant said 7.7 million patients had their personal and financial data stolen by hackers, which hit the payment pages of the American Medical Collection Agency, a third-party vendor that processes payments for LabCorp and other companies. The admission comes a day after Quest Diagnostics around 11.9 million patients had their data stolen.<\/span><\/p>\n

Techcrunch.com<\/span><\/a><\/span><\/p>\n

Nextinpact.com<\/span><\/a><\/span><\/p>\n

Threatpost.com<\/span><\/a><\/span><\/p>\n

\n

Comment les pirates informatiques gagnent de l’argent avec vos donn\u00e9es m\u00e9dicales vol\u00e9es<\/span><\/strong><\/em><\/p>\n

Les vols de donn\u00e9es sont devenus si courants que leur impact, du moins dans l\u2019esprit de beaucoup d\u2019entre nous, s’est att\u00e9nu\u00e9.<\/span><\/p>\n

Zdnet.fr<\/span><\/a><\/span><\/p>\n

\n
\n

PRIVACY<\/span><\/strong><\/p>\n<\/div>\n

The FBI is sitting on more than 641m photos of people\u2019s faces<\/span><\/strong><\/em><\/p>\n

Toss the FBI\u2019s massive facial recognition (FR) databases into the wash, add recommendations about privacy laws that the government watchdog GAO (Government Accountability Office) laid out back in 2016, and set the dial to three years later<\/span><\/p>\n

Nakedsecurity.sophos.com<\/span><\/a><\/span><\/p>\n

\n
\n

LAWS & REGULATION<\/span><\/strong><\/p>\n<\/div>\n

Publication d\u2019un d\u00e9cret d\u2019application de la loi Informatique et libert\u00e9s<\/span><\/strong><\/em><\/p>\n

Le 30 mai 2019, le d\u00e9cret n\u00b0 2019-536 du 29 mai 2019 pris pour l’application de la loi n\u00b0 78-17 du 6 janvier 1978 relative \u00e0 l’informatique, aux fichiers et aux libert\u00e9s a \u00e9t\u00e9 publi\u00e9. Il compl\u00e8te les dispositions de la loi Informatique et libert\u00e9s telles que modifi\u00e9es par l\u2019ordonnance du 12 d\u00e9cembre 2018 en modifiant notamment les r\u00e8gles applicables aux contr\u00f4les effectu\u00e9s par la CNIL et en pr\u00e9cisant les modalit\u00e9s d\u2019exercice de leurs droits par les personnes concern\u00e9es. Ce d\u00e9cret est entr\u00e9 en vigueur le 1er juin 2019.<\/span><\/p>\n

Cyberdroit.fr<\/span><\/a><\/span><\/p>\n

\n
\n

BUZZ<\/span><\/strong><\/p>\n<\/div>\n

Une br\u00e8ve histoire de la cybers\u00e9curit\u00e9 fran\u00e7aise (partie 1 : du XVe si\u00e8cle \u00e0 1918)<\/span><\/strong><\/em><\/p>\n

Alors que l\u2019Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information (ANSSI) f\u00eate ses 10 ans, notre conviction est que toute r\u00e9flexion sur les enjeux strat\u00e9giques actuels et futurs de la s\u00e9curit\u00e9 num\u00e9rique se nourrira utilement d\u2019un regard r\u00e9trospectif sur les origines de celle-ci.<\/span><\/p>\n

Upsigma.fr<\/span><\/a><\/span><\/p>\n

\n

Artificial Intelligence: an opportunity for cyber-crisis management in the EU<\/span><\/strong><\/em><\/p>\n

On 3 and 4 June 2019, the EU Agency for Cybersecurity, ENISA organised a conference in Athens, which focused on the future of the EU cyber-crisis management.<\/span><\/p>\n

Enisa.europa.eu<\/span><\/a><\/span><\/p>\n

\n

Et si le site des imp\u00f4ts avait \u00e9t\u00e9 la cible d’une attaque et non d’un bug ?<\/span><\/strong><\/em><\/p>\n

Les Fran\u00e7ais se sont-ils ru\u00e9s \u00e0 la derni\u00e8re minute pour d\u00e9clarer leurs imp\u00f4ts sur le revenu, provoquant un bug ? Une enqu\u00eate ouverte par l’Agence de s\u00e9curit\u00e9 de l’Etat (Anssi) vise \u00e0 d\u00e9terminer si le site des imp\u00f4ts n’a pas \u00e9t\u00e9 cibl\u00e9 par une attaque.<\/span><\/p>\n

Zdnet.fr<\/a><\/span><\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

\u00a0 Cybers\u00e9curit\u00e9 Revue de presse IICRAI Vendredi 07 juin 2019 CYBERCRIME Google admits advanced backdoors installed on Android devices Google has declared on an official note that some of the low-end smartphones operating on Android OS mighthaveadvanced backdoors preinstalled in…<\/p>\n","protected":false},"author":1,"featured_media":279,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-28","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-press-review"],"_links":{"self":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/posts\/28","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/comments?post=28"}],"version-history":[{"count":22,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/posts\/28\/revisions"}],"predecessor-version":[{"id":281,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/posts\/28\/revisions\/281"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/media\/279"}],"wp:attachment":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/media?parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/categories?post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/tags?post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}