Harley-Davidson Faces Data Breach, Customer Information Leaked

Harley-Davidson, the iconic American motorcycle manufacturer, has become the latest victim of a cyberattack. A hacking group known as “888” is reportedly responsible for the breach, which exposed sensitive customer information. The stolen data, which is now being sold on the dark web, includes email addresses, phone numbers, physical addresses, and full names, putting affected customers at risk of phishing and identity theft.

According to sources from Telegram, the group accessed Harley-Davidson’s servers in December 2024, obtaining personal details of over 66,700 individuals. In response, the company has engaged a forensic team to investigate the breach. Harley-Davidson has promised to release further details about the 888 group once the investigation is complete.

US Government Bans Transfer of Citizens’ Data to Foreign Countries

In a significant move to safeguard national security, the U.S. government has enacted Executive Order 14117, which prohibits the transfer of American citizens’ personal data to foreign servers. The new law aims to mitigate rising cyber threats and blocks the export of data to countries like China, Russia, Iran, North Korea, Venezuela, Cuba, and regions such as Hong Kong and Macao.

The executive order was initially set to take effect in February of the previous year, but its implementation was delayed. With the law now in effect, U.S. citizens’ data is better protected from foreign cyber threats.

NoName Hackers Target French Websites After Attacks in Italy

The cybercriminal group NoName057 (also known as NoName057(16)) has escalated its activities, shifting its focus from Italy to France. Following successful attacks on Italian government websites, including airport-related platforms, NoName hackers have now launched DDoS (Distributed Denial of Service) attacks on several French municipal sites.

The group, which aligns with pro-Russian sentiments, stated on their social media channels that these cyberattacks were in retaliation for France’s support of Ukraine. NoName continues to target the digital infrastructure of countries they consider adversaries to Russia.

Sri Lanka’s Police Website and Social Media Accounts Hacked

In an unprecedented cyberattack, Sri Lanka’s police department became the target of hackers, who compromised the department’s website and social media accounts. The attack, which marked the first of its kind in Sri Lanka, caused disruptions, though the situation has largely been brought under control. Senior police official K.B. Manatunga confirmed that the department’s Facebook and Twitter accounts had been restored, but the YouTube channel and the website of the Printer Department remain offline.

Chinese authorities have launched an investigation into the breach and are exploring the possibility of foreign intelligence involvement in the attack.

The post Cybersecurity news headlines trending on Happy New Year 2025 appeared first on Cybersecurity Insiders.

Rising Mobile Phishing Threats in Healthcare

Zimperium’s recent zLabs Global Mobile Threat Report has revealed a significant increase in mobile phishing attacks in 2024, with the healthcare sector emerging as a primary target. The report highlights that many attacks are directed at employees’ mobile devices, as staff often use their phones for both professional and personal activities, including browsing, shopping, and dating.

Crypto Drainer Malware Discovered on Google Play

Research from Check Point has uncovered the presence of crypto-draining malware on the Google Play Store, affecting users for the past four to five months. Various apps, including WalletConnect, have been masquerading as legitimate platforms for storing digital currencies, while actually siphoning off assets like Bitcoin and Monero. So far, approximately $70,000 in cryptocurrency has been stolen from unsuspecting victims, and the number continues to rise. Despite efforts from Google to combat this malware, these fraudulent apps are posing as legitimate products linked to actual companies, orchestrated by malicious hacking groups.

Data Breach Exposes Millions of Records in France

An unsecured Elasticsearch server containing sensitive information of over 97 million French citizens has been discovered for sale on the dark web. Security researchers suggest that this leak may stem from data gathered through at least 17 separate breaches. The exposed data includes phone numbers, email addresses, payment information, full names, physical addresses, and IP addresses, which could facilitate phishing scams and identity theft.

AI-Powered Malware Development Identified by HP Threat Intelligence

Researchers at HP Threat Intelligence have found that cybercriminals are leveraging artificial intelligence to create malware. This approach not only saves time and resources but also enables the development of sophisticated malicious software capable of evading antivirus detection. Such AI-driven malware can be easily customized for various attacks, including ransomware and data deletion.

US Treasury Bans Two Russian Cryptocurrency Exchanges

The US Treasury Department’s Office of Foreign Assets Control has imposed sanctions on two Russian cryptocurrency exchanges, Cryptex and PM2BTC, for their roles in laundering ransom payments. Evidence suggests these exchanges were involved in laundering over $720 million in funds associated with online fraud, malware distribution, mixing services, and vishing scams.

Microsoft Reports Ransomware Threats in Hybrid Clouds

Microsoft has released a report detailing how the threat actor known as Storm-0501 is exploiting hybrid cloud environments to deploy ransomware. This includes the migration of data and applications between on-premises and cloud systems, leading to risks such as credential theft, data exfiltration, manipulation, persistent backdoor access, and double extortion.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.

France’s cybersecurity agency, ANSSI, has issued a stark warning regarding the upcoming Paris Olympics 2024, cautioning that the event’s IT infrastructure will face relentless cyber attacks, potentially including sophisticated ransomware variants.

ANSSI disclosed that French government security teams have been diligently preparing for two years to counter such threats. Despite these efforts, there remains uncertainty about their ability to fend off highly advanced ransomware attacks.

The Paris Olympics are scheduled to commence on July 26th and conclude in mid-August, during which organizers, athletes, spectators, and media are expected to encounter unprecedented cyber threats of significant severity.

Russia is reportedly suspected to be a primary source of these anticipated cyber assaults. This suspicion stems partly from its restricted participation in the 2024 Olympics due to geopolitical tensions, notably its ongoing conflict with Ukraine over the past two years.

To bolster their defenses, ANSSI is leveraging AI technology through its cyber defense division, COMCYBER, linked to the Ministry of Defense. This unit not only aims to thwart incoming attacks but also proactively safeguards the event’s infrastructure against diverse cyber threats until its conclusion.

In other news, Brazil has imposed restrictions on Meta’s use of generative artificial intelligence (Gen AI), citing concerns over user privacy and data usage in the company’s evolving privacy policies. The Brazilian National Data Protection Authority (ANPD) issued a directive prohibiting Meta from utilizing Gen AI technology with immediate effect.

This regulatory action follows heightened scrutiny after Reuters initially reported on the ban, emphasizing ANPD’s stance on protecting fundamental user rights. Effective July 19, 2024, Brazil has warned of daily fines amounting to approximately $9,000 if Meta fails to comply with the ban.

Meta responded promptly, asserting its commitment to adhere to Brazilian laws while expressing concerns that such restrictions could stifle innovation and hinder AI development, potentially impacting the country’s future technological landscape.

The post France Ransomware warning to Paris Olympics 2024 and Brazil ban on Meta AI data usage appeared first on Cybersecurity Insiders.

A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business. The unnamed Frenchman, who goes by online handles including "ChatNoir" and "Casquette", is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from hacked firms. Read more in my article on the Hot for Security blog.

Recently, hackers have shifted their attention to the government sector, with France’s government websites falling victim to sophisticated yet low-intensity cyber-attacks.

A source from the office of France’s Prime Minister Gabriel Attal has suggested that these attacks on government servers could potentially be the work of a state-sponsored actor. However, further details are expected to be released following a thorough investigation.

After the news spread via France’s news agency AFP on various social media platforms, speculation arose with a trending hashtag hinting at Russian involvement. Yet, at present, there’s no concrete evidence implicating Russian intelligence in the attacks.

Curiously, these website disruptions occurred just a month after Defense Minister Sébastien Lecornu acknowledged the reality of cyber threats originating from Moscow. Despite precautionary measures, the attackers successfully caused significant disruptions to the websites.

Cybersecurity Insiders has learned that the disruption was caused by a Distributed Denial of Service (DDoS) attack, with Anonymous Sudan claiming responsibility for the assault on the French government’s network infrastructure via Telegram. This group has a track record of targeting both public and private entities in countries like Sweden, Denmark, the United States, and Australia, primarily focusing on governments with anti-Muslim policies in the Western world.

Social media speculation also suggests potential links between this group and other pro-Russian entities such as Killnet and the REvil ransomware group. These groups allegedly oppose countries supporting Ukraine in the conflict with the Kremlin.

The post Cyber Attack on France government websites appeared first on Cybersecurity Insiders.

A significant cyber-attack has rocked France, with data on over 33 million individuals, roughly half of the country’s population, exposed in a sophisticated breach earlier this month. This breach marks a potentially unprecedented event in the nation’s history, according to reports.

Yann Padova, a prominent data protection lawyer and former secretary general of France’s Data Protection Authority (CNIL), has raised alarm over the scale of the attack, estimating that nearly one in every two citizens could be impacted by the breach.

The targets of this digital onslaught were Viamedis and Almerys, two medical insurance providers, both succumbing to attacks within a mere five-day span. Initial investigations suggest that the data loss occurred as cybercriminals executed phishing attacks on unsuspecting employees, gaining access to credentials and subsequently infiltrating central record systems. Information such as social security numbers, marital status, dates of birth, insurance details, and policy coverage information were among the compromised data. Fortunately, critical data such as medical histories, postal addresses, contact details, and bank account information were stored on a separate server, safeguarding them from the attackers.

In response, the French CNIL has launched an inquiry into the cyber-attack and has determined that it was carried out by state-funded hackers. As efforts to recover from the incident are underway, certain services, including the “Tier Payment” system, will be temporarily unavailable to patients, and access to specific health records will be restricted.

Amidst this crisis, individuals are urged to exercise caution, verifying the authenticity of any communication requesting credentials and refraining from clicking on links provided in emails, messages, or calls. Vigilance is paramount in safeguarding against further breaches and protecting personal information from falling into the wrong hands.

The post France data breach triggers among half of the populace appeared first on Cybersecurity Insiders.

The French police are getting new surveillance powers:

French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.

[…]

Covering laptops, cars and other connected objects as well as phones, the measure would allow the geolocation of suspects in crimes punishable by at least five years’ jail. Devices could also be remotely activated to record sound and images of people suspected of terror offenses, as well as delinquency and organized crime.

[…]

During a debate on Wednesday, MPs in President Emmanuel Macron’s camp inserted an amendment limiting the use of remote spying to “when justified by the nature and seriousness of the crime” and “for a strictly proportional duration.” Any use of the provision must be approved by a judge, while the total duration of the surveillance cannot exceed six months. And sensitive professions including doctors, journalists, lawyers, judges and MPs would not be legitimate targets.

GIGN, an elite cyber force set up by the French National Gendarmerie, has lowered the ransom demanded by hackers to free up data on the database of a Paris hospital. The healthcare provider in question is the CHSF Hospital Centre in Corbeil-Essonnes, whose servers storing imaging and patient data were locked up by encryption.

As per a report published in the newspaper Le Parisien, the hackers demanded $10 million to release a decryption key, but lowered the sum to $1 million after negotiations by members of the Gendarmerie.

Interestingly, the hospital authorities have disclosed that they will not pay any ransom to the cyber criminals and will instead recover data from a backup plan.

The big question, then, is why the negotiators got involved in lowering the ransom.

Hospital authorities suggest that LockBit ransomware hackers were involved in the incident and the negotiations were being conducted to gain time to track down the criminals.

Reports are in that over 500 patients, including 13 children, were diverted to other hospitals because of the digital disruption.

Pharmacy-related data and test reports are being burned onto disk drives for sharing, and some staff are seen using pen and paper to make a note of prescriptions and details of patient treatment.

NOTE- GIGN is a tactical force of France that deals with issues such as counterterrorism, surveillance of national threats, the rescue of hostages, protection of government personnel and property, and cybercrime. This unit was established in 1974 and gained publicity when it played an extensive role in rescuing hijacked passengers on an Air France flight at Marseille Marignane Airport in December 1994.

 

The post GIGN Elite Force helps lower ransom to a French Hospital appeared first on Cybersecurity Insiders.