Security News

Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday.

Microsoft has confirmed that from the beginning of 2023, it will introduce an EU Data Boundary solution designed to help customers in the European Union and the European Free Trade Association comply with legislation including the General Data Protection Regulation. From January 1st, the Redmond tech monster promises to give customers the ability to store and process their customer data within the EU Data Boundary for Microsoft 365, Azure, Power Platform and Dynamics 365 services.

Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat. Join the likes of Intel, Yahoo, and Sixt who levelled up their security with Intigriti to enjoy higher quality bug bounty reports, faster lead times, and an intuitive platform.

Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report. Discovered in September 2019, the malware has been previously deployed in a cyber attack aimed at a nuclear power plant in India, with more recent intrusions using Dtrack as part of Maui ransomware attacks.

The European Commission on Thursday proposed a cyber defense policy in response to Europe's "Deteriorating security environment" since Russia illegally invaded Ukraine earlier this year. This will include establishing an EU Cyber Defence Coordination Centre, encouraging member states to more actively participate in Military Computer Emergency Response Teams, while building a similar network for civilian cyber incident responders, according to a joint communication [PDF] to the European Parliament and Council.

The new framework addresses concerns raised in a case decided in 2020 known as Schrems II, named after Max Schrems, the Austrian privacy activist who brought the case to the EU Court of Justice. Schrems II struck Privacy Shield down, in part, because EU citizens had no rights to petition the US government if they felt their data had been improperly gathered.

On Tuesday, the European Court of Justice issued rulings that limit indiscriminate data retention in France and Germany. The ECJ determined [PDF] that EU law disallows national legislation that requires indiscriminate retention of telecom traffic and location data to fight crime and protect public safety.

A new distributed denial-of-service attack that took place on Monday, September 12, has broken the previous record that Akamai recorded recently in July. The cybersecurity and cloud services company Akamai reports that the recent attack appears to originate from the same threat actor, meaning that the operators are in the process of empowering their swarm further.

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit said in a report shared with The Hacker News.

Akamai Technologies squelched the largest-ever distributed denial-of-service attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period. The user datagram protocol was the most popular vector used in the attack and was seen in the record spikes.