Want to gain access to Metacurity’s archives and special content (plus a few surprising premium benefits in a month or so)? Sign up to become a subscriber today.

French information security agency ANSSI published an advisory warning that hackers with links to Sandworm, a Russian hacking group run out of the country’s GRU military agency, have stealthily targeted French firms by exploiting an IT monitoring tool called Centreon, made by a firm of the same name, attacks that go back to 2017.

The victims were"mostly" IT firms and particularly web hosting companies. Although not named as victims by ANSSI, among Centreon’s customers are telecom providers Orange and OptiComm, IT consulting firm CGI, defense and aerospace firm Thales, steel and mining firm ArcelorMittal, Airbus, Air France KLM, logistics firm Kuehne + Nagel, nuclear power firm EDF, and the French Department of Justice. (Andy Greenberg / Wired)

Related: Tech Xplore, Bleeping Computer, ZDNet, iTnews - Security, Reuters, SiliconANGLE, Tech Xplore, Eurasia Review, The Moscow Times, POLITICO EU, Security Affairs, SecurityWeek, The Register - Security, Slashdot

South Korea’s state intelligence agency, the National Intelligence Service (NIS), told the country’s parliament that North Korea has attempted to hack into South Korean drug manufacturers' computer systems to obtain coronavirus vaccine information.

Reuters reports that pharmaceutical giant Pfizer was among the drug makers’ hacked by North Korea. North Korea has already been suspected of hacking into nine other healthcare firms, including Johnson & Johnson, Novavax Inc, and AstraZeneca. (Sangmi Cha, Hyonhee Shin / Reuters)

Related: Digital Journal,  DAILY SABAH, South China Morning Post, Euro Weekly News Spain, News - English [KBS WORLD Radio], Yonhap, euronews

Share

Trend Micro researchers say that the Android application SHAREit contains unpatched vulnerabilities that the app maker has failed to fix for more than three months.

The bugs, which stem from the lack of proper source code access controls, can be exploited to run malicious code on smartphones where the SHAREit app is installed. (Catalin Cimpanu / ZDNet)

Related: Telecomlive.com, Gadgets Now, Times of India, Security Affairs, Trend Micro, RAPPLER

Blockchain investigations firm Chainalysis said that a small group of 270 blockchain addresses had laundered around 55% of cryptocurrency associated with criminal activity.

Moreover, 1,867 addresses received 75% of all criminally-linked cryptocurrency funds in 2020, a sum estimated at around $1.7 billion, according to the firm. (Catalin Cimpanu / ZDNet)

Related: Slashdot, Silicon Angle, Chainanalysis

The research and science innovation funding organization, the Dutch Research Council (NWO), said that its servers had been hacked. It has had to suspend some of its annual one-billion-euro subsidy allocations for the time being.

NWO has postponed near-term funding deadlines and has stopped the evaluation of grant proposals with a passed deadline. (Ionut Ilascu / Bleeping Computer)

Related: Databreaches.net

U.S.-based cybersecurity giant Palo Alto Networks purchased Israeli-founded cyber company Bridgecrew Technologies for at least $200 million.

The company has an automated solution for developing cloud-based security that identifies and automatically fixes cloud infrastructure misconfiguration. (Meir Orbach / Calcalist)

Related: Ingrid Lunden – TechCrunch, Times of Israel

Follow Us on Twitter

After the State of California, Virginia is poised to become the second state to adopt a comprehensive online data protection law for consumers.

The Consumer Data Protection Act, which will soon be signed by the state’s Democratic governor Ralph Northam, puts guidelines on how affected companies (the data “controllers”) should collect, handle, and share personal information. (Kate Cox / Ars Technica)

Related: National Law Review, Roll Call

Must-Watch Video: Former Cybersecurity and Infrastructure Security Agency (CISA) head Chris Krebs spoke to CBS News the morning after the network’s 60 Minutes segment on the SolarWinds hack.

Krebs said that the government is still analyzing the Solar Winds breach and that the hack was an attack on trust in the digital ecosystem, which made it so “reckless and brazen.”

Metacurity - Sign Up for Our Newsletter Already @Metacurity

Krebs on CBS Sunday this morning commenting on the 60 minutes segment. Former top cybersecurity official on why U.S. intelligence missed Russia’s SolarWinds hackAmerican intelligence agencies are still trying to understand and stop the most sophisticated cybersecurity breach in U.S. history. Former Director of the Cybersecurity and Infrastructure Security Agency Chris Krebs, who served under President Trump, joined “CBS This Morning” to discuss the implicat…cbsnews.com

February 16th 2021

1 Retweet4 Likes

Photo by Steve Harvey on Unsplash