Tag Archives: Privacy / Data Protection

French IT monitoring company’s hacking software: network agent | Instant News

(Reuters)-The French cybersecurity watchdog said on Monday that hackers have targeted surveillance software produced by the French company Centreon and have been in the organization for three years.

The surveillance program is known by its French acronym ANSSI. It did not find hackers, but said they had similar modus operandi, just like the Russian cyber espionage organization often nicknamed “Sandworm”.

ANSSI, Centreon and the Russian Embassy in Paris did not immediately respond to requests for comment.

The positioning of Centreon, a Paris-based company specializing in information technology surveillance, further highlights the appeal of such companies to digital spies.

US cybersecurity officials are still working on an ambitious espionage campaign that hijacked IT surveillance software produced by SolarWinds in Austin, Texas. US officials condemning the Moscow hacking hinted that other companies have been hit similarly.

Earlier this month, Reuters reported that suspicious Chinese hackers were also targeting SolarWinds customers, who used a less serious vulnerability to help spread it to the victim’s network.

ANSSI said in a 40-page report published on its website that the original medium for the intrusion targeting the Centreon software is still unclear. It said it found an invasion that dates back to the end of 2017 and lasted until 2020.

The regulator did not disclose the name or name of the victim, but said it was mainly an IT service company, such as an Internet hosting service provider.

Centreon’s website states that it is in more than 600 corporate clients worldwide, including the French Ministry of Justice.

Reporting by Raphael Satter; Editing by Grant McCool and Richard Chang


image source

Experian said it was investigating if it was involved in a Brazilian data breach | Instant News

(Reuters) – Credit data firm Experian said on Monday it was continuing to investigate whether the personal data of millions of people in Brazil it found being offered illegally for sale online could be linked to its Brazilian business Serasa.

UK-registered Experian, the world’s largest credit data group, said it had found so far that the data offered for sale included photos, social security details, vehicle registrations and social media login details, which Serasa did not collect or store.

“Although there is no in-depth investigation to date

evidence that our technology systems have been compromised, ”the company said.

The premarket indicator pegged a 2% decline for its shares on the open market.

Local news reports in Brazil said cybersecurity researchers found in January that the personal data of more than 200 million people may have been leaked and offered for sale online, but it is unclear where the data came from.

News of the breach comes less than a year after Brazilian health insurance company Hapvida said it had experienced a cyber attack that could potentially involve access to its customers’ personal information.

Sao Paulo-based aircraft manufacturer Embraer said in December that the plane had been targeted by hackers, who obtained disclosure of data allegedly linked to the company.

However, Experian says there is no evidence that positive or negative credit data was obtained illegally from Serasa.

Equifax Inc, Experian’s US-listed rival, announced the biggest-ever settlement for data breaches in 2019, agreeing to pay up to $ 700 million to settle claims that they broke the law during the 2017 data breach of customers related to US, UK and Canada and to pay back injured consumers.

Reporting by Muvija M in Bengaluru; Edited by Rachel Armstrong


image source

Australia’s securities regulator said the server was hit by a cyber security breach | Instant News

(Reuters) – Australia’s securities regulator said on Monday that there was a cyber security breach on the server used to transfer files including a credit license application on which some information may have been viewed.

The Australian Securities and Investments Commission (ASIC) said it was aware of the incident on January 15 although it appears that a credit license form or attachment was not downloaded.

“While the investigation is ongoing, there appears to be some risk that some limited information may have been seen by threat actors,” the regulator said in a statement late Monday.

The server has been disabled and no other technology infrastructure has been breached, ASIC added.

The incident occurred with file sharing software provided by California-based Accellion. The same software was used by New Zealand’s central bank, which faced cyber attacks earlier this month.

Accellion did not immediately respond to a Reuters request for comment.

Reporting by Rashmi Ashok and Nikhil Kurian Nainan in Bengaluru; Edited by Toby Chopra


image source

Brazil’s Bolsonaro allowed China’s Huawei to auction 5G: newspapers | Instant News

FILE PHOTOS: A SIM card and a 3D printed object representing 5G placed on the motherboard in this illustration image taken on April 24, 2020. REUTERS / Dado Ruvic / Illustration

BRASILIA (Reuters) – The Brazilian government will not seek to bar Chinese telecom equipment maker Huawei Technologies Co Ltd from a 5G network auction scheduled for June this year, the Estado de S. Paulo newspaper reported on Saturday, citing government and industry sources.

The financial costs are potentially billions of dollars and the exit of President Donald Trump’s ally from the White House forced President Jair Bolsonaro to back down from his opposition to Huawei’s offer to provide next-generation mobile networks for operators in Brazil, the paper said.

Like Trump, Bolsonaro opposes Huawei on unproven grounds that he shares confidential data with the Chinese Communist government.

However, with China as Brazil’s biggest trading partner and Huawei’s ability to compete on price, it has faced resistance from industry and within its own government, including from Vice President Hamilton Mourao.

Estado de S. Paulo quoted Mourao as saying all companies that provide the guarantees needed to respect Brazil’s national sovereignty and data protection will be allowed to offer 5G equipment in the country.

Last month, sources told Reuters that Bolsonaro’s government was looking for legal ways to exclude Huawei from 5G networks in Brazil.

Reporting by Jamie McGeever; Edited by Alistair Bell


image source

New Zealand’s central bank governor apologized after the cyber attack resulted in a serious data breach | Instant News

(Reuters) – The head of the Reserve Bank of New Zealand (RBNZ) apologized on Friday after a recent cyber attack caused a serious data breach at the central bank, and brought in independent investigators to review the incident.

FILE PHOTOS: Pedestrians walking near the main entrance of the Reserve Bank of New Zealand which is located in central Wellington, New Zealand, July 3, 2017. REUTERS / David Gray

The breaches were first announced on Sunday and later that week the RBNZ said a file sharing service provided by California-based Accellion was accessed illegally.

The breach comes just months after New Zealand’s exchange operator was targeted in a series of distributed denial of service attacks that flooded its website, preventing trading for several days.

“I have this problem and I am disappointed and sorry,” said Governor Adrian Orr, adding that the ongoing investigation showed the breach was “serious and has significant data implications.”

“Even though a malicious third party has committed such crimes, and we believe the terms of service are inconsistent with our agreement, the Bank has also failed to meet the standards expected by our stakeholders.”

Accellion said in response to media inquiries this week that it had become aware of the vulnerability of its legacy File Transfer Appliance (FTA), a 20-year-old product that specializes in large file transfers, in mid-December.

“Accellion resolves the vulnerability and releases patches within 72 hours to less than 50 affected customers,” he said in a statement sent to Reuters on Tuesday.

The RBNZ said the systems being breached had been secured and shut down, and New Zealand’s financial system remained healthy and open for business.

Dave Parry, Professor of Computer Science at Auckland University of Technology, said the time difference between identifying a problem, creating a patch and communicating it allowed the hackers to take action.

“The hackers are faster,” he said.

Parry said the RBNZ was aware of the risks to its IT infrastructure and could upgrade the 20-year-old FTA software, but that wasn’t a terrible mistake because the system was still functioning.

In addition to the ongoing cyber forensic investigation, the bank also appointed an independent third party to conduct a review of the incident.

Orr said he was unable to provide further details as it could influence investigations and steps being taken to mitigate the abuses.

Reporting by Renju Jose and Praveen Menon; Edited by Christian Schmollinger, Lincoln Feast, and Ana Nicolaci da Costa.


image source