Security News
Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics. On Thursday, the French National Assembly adopted Article 7 of the pending bill, which authorizes automated analysis of surveillance video from fixed and drone cameras.
A French citizen was scheduled to appear before a US court on Friday on a nine-count indictment related to his alleged involvement in the ShinyHunters cybercrime gang that trafficked in identity and corporate data theft and sometimes extortion. Since early 2020, the ShinyHunters crew has stolen "Millions of customer records" and sold sensitive data belonging to more than 60 companies in Washington state and elsewhere around the world, according to the US Attorney's office.
Popular short-form video hosting service TikTok has been fined €5 million by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. The regulator said it conducted several audits between May 2020 and June 2022, finding that the ByteDance-owned company did not offer a straightforward option to refuse all cookies as opposed to just one click for accepting them.
A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a report shared with The Hacker News.
Apple tracked users without their consent and deserves to be fined €6 million, according to a top advisor to France's data privacy watchdog. The Commission nationale de l'informatique et des libertés launched an investigation into Apple after a complaint filed by France Digitale, a lobby group supporting startups, accused the company of violating EU privacy laws last year.
The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred on Saturday evening. Jean-Noël Barrot, the Minister Delegate in charge of Digital Transition and Telecommunications, said the hospital immediately isolated the infected systems to limit the spread of the malware to additional devices and alerted the French National Authority for Security and Defense of Information Systems.
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation requirements. The Commission nationale de l'informatique et des libertés said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022.
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation requirements. The Commission nationale de l'informatique et des libertés said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022.
A French-speaking criminal group codenamed OPERA1ER has pulled off more than 30 cyber-heists against telecom organizations and banks across Africa, Asia, and Latin America, stealing upwards of $30 million over four years, according to security researchers. In one robbery, "a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs," the researchers wrote in a report this month.
Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point said in a Tuesday report.