Cyber Weekly Digest - Week #8

Updated: Feb 26, 2021


This week in cyber security is another filled with attacks on high-profile companies. In this week's digest we look into the attack on Kia Motors America and the new malicious adware application specifically targeting Apple’s new M1 SoC . Keep reading to find out about some of the biggest cyber security stories this week.


1. Several video calling apps left vulnerable to snooping after a vulnerability was found in Agora.io's Software Development Kit.


Agora is used by several apps such as eHarmony, Plenty of Fish and MeetMe. The McAfee Advanced Threat Research Team found the vulnerability. Attackers could have used the flaw to launch man-in-the-middle attacks to intercept communication between two parties. Researchers said, "Agora's SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them," however, there is no evidence that the vulnerability has been exploited in the wild.


2. Sandworm, the Russian-linked threat actor, is behind a three-year operation that hacked targets by exploiting the I.T. monitoring tool Centreon.


Sandword is an elite Russian-sponsored cyberespionage group active for at least two decades. The intrusion campaign breached "several French entities" and is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web hosting providers. However, Centreon says that none of its customers were affected by the attacks. The affected organizations used an obsolete and free version of its software released in 2014, which has been unsupported for five years.

3. Kia Motors America suffers a ransomware attack by the DoppelPaymer group with a $20 million ransom demand.