Security News

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said.

Several German lawmakers have once again fallen victim to a cyber attack, local media said Friday, with security experts pointing the finger at Russian hackers. Hackers used phishing emails to gain access to the computers of at least seven federal MPs and 31 lawmakers in regional parliaments, according to Der Spiegel weekly.

Email accounts of multiple German Parliament members were targeted in a spearphishing attack. It is believed that the attackers were able to gain access to the email accounts of seven members of the German federal parliament and 31 members of German regional parliaments.

Germany security officials are proposing that Internet companies should link a user's real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists. Like in many other countries, mobile phone firms in Germany are required to verify a customer's identity before selling them a SIM card.

A German-led police operation has taken down the "World's largest" darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware, prosecutors said Tuesday. Police in the northern city of Oldenburg "Were able to arrest the alleged operator of the suspected world's largest illegal marketplace on the darknet, the DarkMarket, at the weekend," prosecutors said in a statement.

German Chancellor Angela Merkel's Cabinet approved a bill Wednesday that would require companies involved in setting up critical infrastructure such as high-speed 5G networks to guarantee that their equipment can't be used for sabotage, espionage or terrorism. The bill, which now goes to parliament, seeks to address concerns that vendors such as Chinese tech company Huawei might pose a security risk if they have access to core parts of the German telecoms network.

Environmental group WWF operates a tragically necessary maritime cleanup operation to find and remove so-called "Ghost nets" from the sea. A ghost net is any rogue fishing device that has got loose and carries on snagging sea creatures, including fish, sea mammals such as whales and dolphins, and even birds, in an uncontrollable way.

A security vulnerability in the infrastructure underlying Germany's official COVID-19 contact-tracing app, called the Corona-Warn-App, would have allowed pre-authenticated remote code execution. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Lab was chasing down RCE vulnerabilities on the platform and found one in the infrastructure supporting CWA for Android and OS. The team said it worked with SAP to mitigate the issue, adding as a server-side issue, the mobile apps themselves were not impacted, and that no data was collected beyond a device's IP address.

The world's second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang - and the hackers want $17m in cryptocurrency before they'll hand over the decryption key. Compal staff say they arrived at work on Monday to be told of the outbreak, and that they needed to back up their files.

Image: Tauno Tõhk. The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services for their involvement in a 2015 hack of the German Federal Parliament. EU's sanctions include both travel bans and asset freezes and also block EU organizations and individuals from making fund transfers to sanctioned entities and individuals.