Security News

Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.

A 22-year-old student German federal police believe to be the administrator of one of the largest German-speaking, dark-web forums has been arrested. According to German law enforcement, the student, from Lower Bavaria, served as the operator of the third version of Deutschland im Deep Web since November 2018.

German newspaper 'Heilbronn Stimme' published today's 28-page issue in e-paper form after a Friday ransomware attack crippled its printing systems. On Saturday, the newspaper issued an "Emergency" six-page edition while all planned obituaries were posted on the website.

It's enough to keep business owners and security professionals worried that they are also exposed, be it through an overlooked vulnerability baked into their devices or an unknown, exploitable weakness in their software. Dell and Intel know that the only way to reliably secure business devices and networks is through a harmonization of hardware and software security technologies working in concert.

The Association of German Chambers of Industry and Commerce was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. DIHK is a coalition of 79 chambers representing companies within the German state, with over three million members comprising businesses ranging from small shops to large enterprises in the country.

Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent companies based in Germany to carry out supply chain attacks. "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the attacker to take total control over the infected machine," researchers from JFrog said in a new report.

A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware. These sites are used to send phishing emails written in German and host the malware payloads downloaded to targeted systems.

German police have located and closed down the servers of Hydra, allegedly one of the world's biggest underground online stores. According to a report from the BBC, locating the actual servers used to run Hydra was not an easy task, but German police said they started following up on a tip in the middle of 2021 that suggested the servers were actually hosted in Germany.

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security against using the company's security solutions in the country over "Doubts about the reliability of the manufacturer." The statement from Kaspersky follows a warning from Germany's cybersecurity authority, the Bundesamt für Sicherheit in der Informationstechnik aka BSI, which recommended "Replacing applications from Kaspersky's portfolio of antivirus software with alternative products" due to risks that they could be exploited by Russia for a cyber attack.

Germany's Federal Office for Information Security, BSI, is warning companies against using Kaspersky antivirus products due to threats made by Russia against the EU, NATO, and Germany. Kaspersky is a Moscow-based cybersecurity and antivirus provider founded in 1997, that has a long history of success, but also controversy over the company's possible relationship with the Russian government.