Le Comptoir Sécu: [SECActu] 25 Sept 2022 - MFA under attack, CHSF, OCD, IR Prioritization, Teams Tokens, Albania, etc.

The Comptoir Sécu team 9/25/22 - Episode Page


<p>We have just recorded a new SECHebdo live on YouTube. As usual, if you missed the recording, you can find it on our YouTube channel (video above) or as an audio podcast:</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2022-09-25.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2022-09-25.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2022-09-25-sechebdo-vignette.jpg",
"title": "[SECActu] 25 Sept 2022",
"subtitle": "MFA under attack, CHSF, OCD, Priorisation IR, Teams Tokens, Albanie, etc.",
"description": "Épisode du 2022-09-25 - SECActu est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, en général une fois par mois."

,"chaptermarks": [
{ "start": "00:01:30", "title": "Todo"}
]

}
}
</script>

<script type="text/javascript" src="https://www.comptoirsecu.fr/js/podigee-get-settings.min.192d4afa439903f73345b15d3d1b7132598bb1d2238d1f1fc91d39b516bf2ed2.js" integrity="sha256-GS1K&#43;kOZA/czRbFdPRtxMlmLsdIjjR8fyR05tRa/LtI="></script>
<script class="podigee-podcast-player" src="//cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js" data-configuration="podigee"></script>


<p>Our Discord: <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>See you soon for more shows and podcasts!</p>

<h3 id="liste-des-sources">List of sources:</h3>

<ul>
<li>Phishing of MFA-protected accounts goes mainstream

<ul>
<li><a href="https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html">New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security</a></li>
<li><a href="https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/">New EvilProxy service lets all hackers use advanced phishing tactics</a></li>
<li><a href="https://krebsonsecurity.com/2022/08/how-1-time-passcodes-became-a-corporate-liability/">How 1-Time Passcodes Became a Corporate Liability – Krebs on Security</a></li>
<li><a href="https://www.techrepublic.com/article/cookie-theft-threat-when-multi-factor-authentication-is-not-enough/">Cookie theft threat: When multi-factor authentication is not enough | TechRepublic</a></li>
<li><a href="https://www.yubico.com/blog/yubikeys-protecting-critical-it-infrastructure-in-ukraine/">YubiKeys protecting critical IT infrastructure in Ukraine - Yubico</a></li>
</ul></li>
<li>Teams and session tokens stored in cleartext on disk - Vuln or not vuln?

<ul>
<li><a href="https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens">Undermining Microsoft Teams Security by Mining Tokens</a></li>
<li><a href="https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31283">It rather involved being on the other side of this airtight hatchway - The Old New Thing</a></li>
</ul></li>
<li>Lessons from the Uber breach

<ul>
<li><a href="https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/">Uber hacked, internal systems breached and vulnerability reports stolen</a></li>
</ul></li>
<li>Incident prioritization matrix from an IR perspective

<ul>
<li><a href="https://blog.joshlemon.com.au/cybersecurity-alert-priority-matrix-92a20fe8d955">Cybersecurity Alert Priority Matrix</a></li>
</ul></li>
<li>Albania Attacks by Iran

<ul>
<li><a href="https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against">Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations | Mandiant</a></li>
<li><a href="https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/">Microsoft investigates Iranian attacks against the Albanian government - Microsoft Security Blog</a></li>
</ul></li>
<li>Mandiant attributes 3 hacktivist groups to the GRU

<ul>
<li><a href="https://www.mandiant.com/resources/blog/gru-rise-telegram-minions">GRU: Rise of the (Telegram) MinIOns | Mandiant</a></li>
</ul></li>
<li>Discovery of the moment

<ul>
<li><a href="https://m.youtube.com/playlist?list=PLBNtagSCmDWyUcCsdq7m5ljKYDYTNG9R1">Deep Dive Into Wireshark - YouTube</a></li>
</ul></li>
<li>Hospital center

<ul>
<li><a href="https://www.lemagit.fr/actualites/252524725/Centre-hospitalier-Sud-Francilien-ce-que-dit-lautopsie-de-la-cyberattaque">Centre hospitalier Sud-Francilien: what the autopsy of the cyberattack says</a></li>
<li><a href="https://www.francetvinfo.fr/internet/securite-sur-internet/cyberattaques/hopital-de-corbeil-essonnes-les-hackers-publient-les-donnees-piratees_5380585.html">Corbeil-Essonnes hospital: the hackers publish the stolen data</a></li>
</ul></li>
<li>OCD

<ul>
<li><a href="https://www.orangecyberdefense.com/global/news/orange-cyberdefense/information-regarding-the-incident-on-september-4th-2022">Orange Cyberdefense: Information regarding the incident on September 4th 2022</a></li>
</ul></li>
</ul>