Security News

The Commission nationale de l'informatique et des libertés, France's data protection watchdog, has slapped Facebook and Google with fines of €150 million and €60 million for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online activity across the web and store information about the browsing sessions, including logins and details entered in form fields such as names and addresses.

France's National Commission on Informatics and Liberty, the country's data privacy and protection body, has announced a 60 million euro sanction against Facebook and a 150 million euro penalty against Google. As a result, today CNIL announced an administrative fine of 60 million Euros against Facebook Ireland Ltd. and an additional 100,000 Euros per day of delay of compliance, starting from March 2022.

The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021. While ANSSI has not determined how Nobelium compromised email accounts belonging to French orgs, it added that the hackers used them to deliver malicious emails targeting foreign institutions.

The French National Agency for the Security of Information Systems on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks. The agency has shared indicators of compromise to help organizations detect potential attacks.

Today, the French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group. Partage d'IoCs relatifs une campagne d'attaques du mode opératoire APT31 en France.

A French court ruled Tuesday that Ikea had set up an elaborate system to illegally spy on hundreds of employees and job applicants over several years, using private detectives as well as police sources. Ikea's former head of risk management, Jean-Francois Paris, who was accused of being at the heart of the spying system, was handed a suspended 18-month prison term and a fine of 10,000 euros.

In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. Only the U.S. surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France's related overall losses at more than $5.5 billion.

Accenture has entered into an agreement to acquire Openminded, a France-based cybersecurity services company that provides advisory, cloud & infrastructure security, cyber defense, and managed security services. Once completed, the acquisition would bring approximately 100 highly skilled cybersecurity professionals to Accenture Security's workforce of nearly 7,000 professionals globally and extend Accenture's cybersecurity presence and capabilities in France and in Europe.

French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France. The attacks at the hospitals in Dax and Villefranche-sur-Saone prompted the transfer of some patients to other facilities as the French health care system is under pressure from the coronavirus pandemic.

France's Agence nationale de la sécurité des systèmes d'information, the nation's cyber-security agency, has identified a years-long campaign to infiltrate IT monitoring platform Centreon. Centreon claimed that Centreon is a spiffing open-source IT monitoring tool.