North Korea targets Pfizer in vaccine hack (Computing) South Korean intelligence says the attack was probably meant to raise money for its poorer northern neighbour
North Korean hackers tried to steal Pfizer vaccine know-how, lawmaker says (Reuters) South Korea's intelligence agency has said North Korea attempted to steal information on coronavirus vaccines and treatments by hacking Pfizer Inc, a lawmaker briefed by the agency said on Tuesday.
French IT monitoring company's software targeted by hackers: cyber agency (Reuters) Hackers have spent up to three years breaking into organizations by targeting monitoring software made by the French company Centreon, France's cybersecurity watchdog said on Monday.
France: Russian state hackers targeted Centreon servers in years-long campaign (ZDNet) New ANSSI report exposes new Sandworm APT attacks targeting IT companies using Centreon servers.
Russian Sandworm hackers linked to attacks on French IT providers (SiliconANGLE) Russian Sandworm hackers linked to attacks on French IT providers - SiliconANGLE
France Ties Russia's Sandworm to a Multiyear Hacking Spree (Wired) A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.
Sandworm Hackers Hit French Monitoring Software Vendor Centreon (SecurityWeek) France's national cybersecurity agency is publicly blaming the Sandworm APT group for a string of long-term intrusions at European software and web hosting organizations, including Centreon.
Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies (Anomali) ScreenConnect Remote Access Tool Utilizing Ministry of Foreign Affairs-Themed EXEs and URLs: Static Kitten is likely using features of ScreenConnect to steal sensitive information or download malware for additional cyber operations targeting government agency employees.
Pro-India hackers use Android spyware to spy on Pakistani military (BleepingComputer) This week a report has revealed details on the two spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict.
The malware strains named Hornbill and SunBird have been delivered as fake Android apps (APKs) by the Confucius advanced persistent threat group (APT), a state-sponsored operation.
SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president (Reuters) A hacking campaign that used a U.S. tech company as a springboard to compromise a raft of U.S. government agencies is "the largest and most sophisticated attack the world has ever seen," Microsoft Corp President Brad Smith said.
Facebook is limiting Myanmar military's reach on its platform (Engadget) Facebook has detailed how it’s handling the political situation Myanmar in a new post, where it has revealed that it’s limiting the distribution of all content posted by the country’s military.
Myanmar junta's planned cyber law condemned (Bangkok Post) Human rights activists inside and outside Myanmar have expressed alarm at a cybersecurity law that the new military junta is seeking to pass as its first piece of legislation.
France pushes for big changes to proposed EU tech regulation (Financial Times) Paris wants member states to have more power to act against illegal content
ASD says cyber attack intervention will be 'rare' under critical infrastructure Bill (ZDNet) The power awarded under the draft legislation may see government modifying the functioning of computers or even deleting software if it was to step in.
Microsoft asks government to stay out of its cyber attack response in Australia (ZDNet) Government intervention would result in 'The Fog of War', further complicating any attempt to mitigate cyber attack response, the company said.
Spotlight: Massive data leaks put Brazil's institutions to the test (BNamericas) The latest throve of data leakage reportedly included personal information by President Bolsonaro.
Focus: New Brazilian data privacy law could drive growth of regional cyber market (Insurance Day) The new regulatory requirements, including the tougher penalties, will drive demand and alter the mix of coverages needed in Brazil and, potentially, across the region
Aiming to Cash In on Data, European Firms Grapple With Privacy Laws (Wall Street Journal) Companies in Europe want to share the personal data of consumers with other firms or turn it into business applications without violating privacy rules, but there is no consensus on how to avoid revealing such potentially sensitive information.
Cybersecurity experts say U.S. needs to strike back after SolarWinds hack (CBS News) In the wake of the SolarWinds hack, cybersecurity experts told 60 Minutes that the U.S. must be willing to attack Russia and other adversaries, or the hacks will keep coming.
Security Think Tank: Biden must address insider security threat first (ComputerWeekly) As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard.
In Biden World, Economic Policy Is National Security Policy (Wall Street Journal) The Biden administration, worried about American competitiveness, is deploying a quiet but revolutionary way of thinking about national security—economic policy and foreign policy no longer are separate.
CMMC: Stopping Cyber Espionage Like Chinese Theft of F-35 Data (Breaking Defense) CMMC 1 is “what you’ve got to have to make sure your neighbor is not in your Netflix,” quipped Stacy Bostjanick, director of CMMC. “It’s very easy, and commensurate with basic cyber hygiene. I recommend that everyone get there, but as a COTS provider, you don’t have to.”
Biden Paused Trump’s WeChat and TikTok Bans: Now What? (Just Security) Courts rejected Trump's attempts to ban WeChat and TikTok, reining in presidential power. What will Biden do with this legacy?
The Cybersecurity 202: Industry groups urge Congress to include cybersecurity funding in coronavirus relief package (Washington Post) Cybersecurity groups are urging Congress to make federal and state cybersecurity funding a priority as lawmakers iron out a $1.9 trillion dollar coronavirus relief package.
Langevin hopeful new Armed Services panel will shine new spotlight on cybersecurity (TheHill) Rep. Jim Langevin (D-R.I.), the newly minted chairman of the House Armed Services Committee’s new cybersecurity subcommittee, is looking to bring a new spotlight to the nation’s defensive cyber capabilities and international cyber diplomacy.
US Court system demands massive changes to court documents after SolarWinds hack (TechRepublic) Multiple senators have demanded a hearing on what court officials know about the hackers' access to sensitive filings. The effects could make accessing documents harder for lawyers.
National Guard task force that supports Cyber Command changes over (Defense News) The 123rd Cyber Protection Battalion is mobilizing to support Task Force Echo V, which helps with U.S. Cyber Command operations.
Regulators Are Homing In On Perils Of Ransomware Payouts (Law360) A New York state regulator's recent warning that insurers are funding future ransomware attacks by paying extortionists on behalf of victims is the latest sign of authorities' growing scrutiny of the payouts, but it's far from clear whether the guidance will spur a slowdown in what has become a booming industry of cybercrime.
Top court ruling on South Africa's spy law is a victory for privacy, but loopholes remain (The Conversation) The Constitutional Court judgment is a huge victory, not only for journalists and lawyers who stand to benefit directly and immediately, but for broader society.
Activists in India were jailed because of Israeli spyware plant (TRT World) A group of Indian activists accused of a plot to eliminate the Indian prime minister were entrapped via a notorious Israeli made spyware.
Israel spyware used to plant evidence on jailed India activists (Middle East Monitor) Vital evidence used against a group of Indian activists accused of plotting to overthrow the government was planted on a laptop before being seized by police, according to a new forensics report. O...
Egregor ransomware operators arrested in Ukraine (ZDNet) Arrested suspects are believed to be clients of the Egregor RaaS, not the Egregor gang itself.
Egregor ransomware affiliates arrested by Ukrainian, French police (BleepingComputer) A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.
Brazilian authorities start probe as 102 million consumers are exposed in new leak (ZDNet) The National Data Protection Authority is investigating the country's second largest data protection incident of 2021