Security News

The European Commission on Thursday proposed a cyber defense policy in response to Europe's "Deteriorating security environment" since Russia illegally invaded Ukraine earlier this year. This will include establishing an EU Cyber Defence Coordination Centre, encouraging member states to more actively participate in Military Computer Emergency Response Teams, while building a similar network for civilian cyber incident responders, according to a joint communication [PDF] to the European Parliament and Council.

The new framework addresses concerns raised in a case decided in 2020 known as Schrems II, named after Max Schrems, the Austrian privacy activist who brought the case to the EU Court of Justice. Schrems II struck Privacy Shield down, in part, because EU citizens had no rights to petition the US government if they felt their data had been improperly gathered.

On Tuesday, the European Court of Justice issued rulings that limit indiscriminate data retention in France and Germany. The ECJ determined [PDF] that EU law disallows national legislation that requires indiscriminate retention of telecom traffic and location data to fight crime and protect public safety.

A new distributed denial-of-service attack that took place on Monday, September 12, has broken the previous record that Akamai recorded recently in July. The cybersecurity and cloud services company Akamai reports that the recent attack appears to originate from the same threat actor, meaning that the operators are in the process of empowering their swarm further.

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit said in a report shared with The Hacker News.

Akamai Technologies squelched the largest-ever distributed denial-of-service attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period. The user datagram protocol was the most popular vector used in the attack and was seen in the record spikes.

Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. Eventually, the victim is convinced to deposit 250 EUR or more, while the details provided on the fake site are stored and used for future campaigns or resold on the dark web.

The largest distributed denial-of-service attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. DDoS incidents have become more frequent since the start of the year as attackers try to deny access to the victim's digital services by flooding them with requests and traffic to overwhelm resources and render them unavailable.

The reversal, reported by TechCrunch, comes a day after the Italian data protection authority - the Garante per la Protezione dei Dati Personali - warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said.

A newly discovered multistage remote access trojan dubbed ZuoRAT has been used to target remote workers via small office/home office routers across North America and Europe undetected since 2020. The start of this campaign roughly lines up with a quick shift to remote work after the start of the COVID-19 pandemic which drastically increased the number of SOHO routers used by employees to access corporate assets from home.