Security News

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The...

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The...

A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The...

Pepco Group has confirmed that its Hungarian business has been hit by a "Sophisticated fraudulent phishing attack." The European company, which operates shops under the Pepco, Poundland and Dealz brands, said that the company lost approximately €15.5 million in cash as a consequence of the attack.

Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Webinar It was growing threat levels and an increase in reported cybersecurity attacks since digitalization which pushed the European Union to introduce the original Network and Information Security Directive in 2016.

The European Court of Human Rights has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights - a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "The contested legislation providing for the retention of all internet communications of all users, the security services' direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society."

Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets - like government, defense, and aerospace agencies in the US and Europe - since March, according to Microsoft. The US and UK governments have linked this state-sponsored gang to Russia's military intelligence agency, the GRU. Its latest phishing expeditions look to exploit CVE-2023-23397, a Microsoft Outlook elevation of privilege flaw, and CVE-2023-38831, a WinRAR remote code execution flaw that allows arbitrary code execution.

Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both "Physically and logically" separate from AWS's existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.

The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments. Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.