A Chinese nation-state group is hacking foreign affairs ministries and embassies across Europe, employing a sophisticated HTML-smuggling technique to deliver the insidious PlugX remote access Trojan to compromised systems. The technique raises concern about the security of diplomatic institutions.
Experts believe China's revised Counter-Espionage Law gives the Chinese Communist Party the power to retaliate against Western financial and technological sanctions and also control rising discontent among Chinese citizens. The law went into effect on Saturday.
Over five dozen British academics joined a widening group of technology firms and privacy groups in criticizing a U.K. government bill aimed at protecting children from online harassments by weakening encryption. In an open letter, they said the bill is "doomed to fail."
Russia has relied on blunt-force cyberattacks in Ukraine to inflict maximum damage rather than turning to new techniques. In many cases, Ukrainian defenders are flying blind because Russian wiper malware is designed to evade most security controls, said Mandiant CEO Kevin Mandia.
Swedish data privacy officials issued fines against two of four companies found to have violated rules against the export of European users' data due to their use of Google Analytics, which was found to contravene EU privacy regulations due to the potential risks of U.S. government surveillance.
The United States is further fortifying its critical infrastructure security with a new Cybersecurity and Infrastructure Security Agency program that enhances the cyber resilience of participating partners leveraging the agency's advanced threat detection and monitoring capabilities.
An Iranian government-backed hacking group known as Charming Kitten has updated its malware arsenal to include an updated version of the Powerstar backdoor, also known as CharmPower, which takes advantage of a distributed file protocol to distribute customized phishing links.
The U.S. Department of Health and Human Services has notified Congress that the information of at least 100,000 individuals has been compromised in hacking incidents at HHS contractors involving exploitation of a flaw in managed file transfer software MOVEit from Progress Software.
The United Kingdom's national cybersecurity agency on Friday marked the 20th anniversary of its response to the first-ever cyberattack against the government by disclosing how government agencies responded. The incident paved way for the launch of the National Cyber Security Center in 2016.
The European Commission is set to finalize its digital wallet initiative after the proposal achieved political consensus on the core elements concerning its implementation. The latest digital monetary initiative comes as Europe rolls out plans for a digital euro.
Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. Kaspersky researchers said they stumbled upon the never-before-seen malware family, which is deployed in Log4j and phishing attacks.
The Irish government has proposed a number of measures to strengthen the country's top cyber agency's abilities to tackle ransomware and other cyberthreats. The National Security Strategy lays out 18 new action plans intended to augment the National Cyber Security Center's capabilities.
Cyberattackers have hit Ukraine's critical infrastructure over 3,000 times since the beginning of the Russian invasion in 2022, according to Ukraine's national incident response team, which warned that such attacks may continue for years even after the fighting on the ground is over.
Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.
Technology giant Apple has joined the chorus of voices calling on the British government to rethink its proposed Online Safety Bill legislation intended to increase public safety by monitoring people's private communications via client-side scanning.