Security News

Police said Wednesday they had arrested at least 80 people and carried out hundreds of raids in two European countries after shutting down an encrypted phone network used by organised crime groups. Police launched a top-secret operation to crack the SKY ECC network - which operates over a special phone - and "As of mid-February, authorities have been able to monitor the information flow of approximately 70,000 users," the Hague-based law agencies said.

The European Banking Authority has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants.

The European Banking Authority on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal data through emails held on that servers may have been obtained by the attacker," the Paris-based regulatory agency said.

The European Banking Authority took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. Last week, Microsoft patched multiple zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server and exploited in ongoing attacks coordinated by multiple state-sponsored hacking groups.

A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server. Ticketcounter has confirmed the data breach to both BleepingComputer and Troy Hunt of Have I Been Pwned, who spoke to the company's owner after receiving the database.

ACI Worldwide announced that Amanda Mickleburgh, product director for Merchant Fraud, has been appointed to the European Advisory Board of the Merchant Risk Council, a global membership organization connecting eCommerce fraud and payments professionals. Since joining ACI in 2007, she has held various strategic roles, with a focus on eCommerce fraud prevention.

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.

Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. "What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim's computer."

The European Commission's war of words against pharma company AstraZeneca over COVID-19 virus vaccines has descended into farce after Brussels accidentally published an unredacted version of a disputed supply contract. Although the main text of the contract had been heavily redacted in places, nobody thought to check the bookmarks tab had also been redacted before dumping the contract online as a PDF. A non-redacted section of the contract states: "The Receiving Party shall treat all Confidential Information as secret and confidential and shall not use, copy or disclose to any third party any Confidential Information of the Disclosing Party."

A majority of chief information security officers in Europe said their cybersecurity strategy now focuses on mobile devices as a result of employees increasingly working remotely due to the pandemic, IT management and cybersecurity solutions provider Ivanti said in a report published this week. According to Ivanti's report, which aims to promote the adoption of zero trust security strategies, 87% of CISOs said the focal point of their strategy is now mobile devices.