Security News

Germany security officials are proposing that Internet companies should link a user's real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists. Like in many other countries, mobile phone firms in Germany are required to verify a customer's identity before selling them a SIM card.

A German-led police operation has taken down the "World's largest" darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware, prosecutors said Tuesday. Police in the northern city of Oldenburg "Were able to arrest the alleged operator of the suspected world's largest illegal marketplace on the darknet, the DarkMarket, at the weekend," prosecutors said in a statement.

German Chancellor Angela Merkel's Cabinet approved a bill Wednesday that would require companies involved in setting up critical infrastructure such as high-speed 5G networks to guarantee that their equipment can't be used for sabotage, espionage or terrorism. The bill, which now goes to parliament, seeks to address concerns that vendors such as Chinese tech company Huawei might pose a security risk if they have access to core parts of the German telecoms network.

Environmental group WWF operates a tragically necessary maritime cleanup operation to find and remove so-called "Ghost nets" from the sea. A ghost net is any rogue fishing device that has got loose and carries on snagging sea creatures, including fish, sea mammals such as whales and dolphins, and even birds, in an uncontrollable way.

A security vulnerability in the infrastructure underlying Germany's official COVID-19 contact-tracing app, called the Corona-Warn-App, would have allowed pre-authenticated remote code execution. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Lab was chasing down RCE vulnerabilities on the platform and found one in the infrastructure supporting CWA for Android and OS. The team said it worked with SAP to mitigate the issue, adding as a server-side issue, the mobile apps themselves were not impacted, and that no data was collected beyond a device's IP address.

The world's second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang - and the hackers want $17m in cryptocurrency before they'll hand over the decryption key. Compal staff say they arrived at work on Monday to be told of the outbreak, and that they needed to back up their files.

Image: Tauno Tõhk. The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services for their involvement in a 2015 hack of the German Federal Parliament. EU's sanctions include both travel bans and asset freezes and also block EU organizations and individuals from making fund transfers to sanctioned entities and individuals.

German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau, ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8.

A German privacy watchdog said Thursday that it is fining clothing retailer H&M 35.3 million euros after the company was found to have spied on some of its employees in Germany. Hamburg's data protection commissioner said in a statement that the Swedish company collected private information about employees at a customer service center in Nuremberg, "Ranging from rather harmless details to family issues and religious beliefs."

The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources. The Aachener Zeitung newspaper carried a report from the German Press Association that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product.