Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Europe. Show all posts
TikTok
China Data Regulation Europe GDPR Privacy Social Media TikTok

EU Fines TikTok $600 Million for Data Transfers to China

EU Fines TikTok $600 Million for Data Transfers to China

Regulators said that the EU has fined TikTok 530 million euros (around $600 million). Chinese tech giant ByteDance owns TikTok, which has been found guilty of illegally sending the private data of EU users to China and lack of compliance to ensure the protection of data from potential access by Chinese authorities. According to an AFP news report, the penalty— one of the largest ever issued to date by EU’s data protection agencies— comes after a detailed inquiry into the legitimacy of TikTok’s data transfer rules. 

TikTok Fine and EU

TikTok’s lead regulator in Europe, Ireland’s Data Protection Commission (DPC) said that TikTok accepted during the probe about hosting European user data in China. DPC’s deputy commissioner Graham Doyle said that “TikTok failed to verify, guarantee, and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,”

Besides this, Doyle said that TikTok’s failure to address the dangers of possible access to Europeans’s private data by Chinese authorities under China’s anti-terrorism, counter-espionage, and other regulations, which TikTok itself found different than EU’s data protection standards. 

TikTok will contest the decision

TikTok has declared to contest the heavy EU fine, despite the findings. TikTok Europe’s Christine Grahn stressed that the company has “never received a request” from authorities in China for European users’ data and that “TikTok” has never given EU users’ data to Chinese authorities. “We disagree with this decision and intend to appeal it in full,” Christine said. 

TikTok boasts a massive 1.5 billion users worldwide. In recent years, the social media platform has been under tough pressure from Western governments due to worries about the misuse of data by Chinese actors for surveillance and propaganda aims. 

TikTok to comply with EU Rules

In 2023, the Ireland DPC fined TikTok 354 million euros for violating EU rules related to the processing of children’s information. The DPC’s recent judgment also revealed that TikTok violated requirements under the EU’s General Data Protection Regulation (GDPR) by sending user data to China. The decision includes a 530 million euro administrative penalty plus a mandate that TikTok aligns its data processing rules with EU practices within 6 months. 

Read more »
Yoojo
AppSecurity CloudMisconfiguration CloudStorage Cybersecurity Data Breach Europe GDPR IdentityTheft Leak PersonalData phishing Privacy TechSecurity UserPrivacy Yoojo

Yoojo Exposes Millions of Sensitive Files Due to Misconfigured Database

 

Yoojo, a European service marketplace, accidentally left a cloud storage bucket unprotected online, exposing around 14.5 million files, including highly sensitive user data. The data breach was uncovered by Cybernews researchers, who immediately informed the company. Following the alert, Yoojo promptly secured the exposed archive.

The database contained a range of personally identifiable information (PII), including full names, passport details, government-issued IDs, user messages, and phone numbers. This level of detail, according to experts, could be exploited for phishing, identity theft, or even financial fraud.

Yoojo offers an online platform connecting users with service providers for tasks like cleaning, gardening, childcare, IT support, moving, and homecare. With over 500,000 downloads on Google Play, the app has gained significant traction in France, Spain, the Netherlands, and the UK.

Cybernews stated that the exposed database was publicly accessible for at least 10 days, though there's no current evidence of malicious exploitation. Still, researchers cautioned that unauthorized parties might have already accessed the data. Yoojo has yet to issue a formal comment on the incident.

“Leaked personal details enables attackers to create highly targeted phishing, vishing, and smishing campaigns. Fraudulent emails and SMS scams could involve impersonating Yoojo service providers asking for sensitive information like payment details or verification documents,” Cybernews researchers said.

The incident underscores how frequently misconfigured databases lead to data exposures. While many organizations rely on cloud services for storing confidential information, they often overlook the shared responsibility model that cloud infrastructure follows.

On a positive note, most companies act swiftly once made aware of such vulnerabilities—just as Yoojo did—by promptly restricting access to the exposed data.
Read more »
Russia
Cyber Attacks Europe hybrid attacks Russia

Russia Accused of Carrying Out Over 50 Secret Operations Across Europe

 



In the last few years since the war in Ukraine began, several European countries have experienced unusual and suspicious activities. These events include online attacks, spying, fires, and efforts to spread false information. Investigations suggest that many of these actions may be linked to Russia or groups working in its interest.

According to a report studied by journalists from a global news agency, at least 59 such incidents have taken place. These actions are believed to be part of a broader strategy known as "hybrid attacks" which mix cybercrime, sabotage, and misinformation to confuse or harm other countries without direct warfare.

Some of these incidents involved hackers breaking into politicians' accounts or important systems. In other cases, there were attempts to cause damage through arson or even plans to smuggle explosives onto cargo flights. These activities have raised serious concerns among security agencies.

Officials from NATO believe these attacks serve two purposes: to create political tension within countries and to reduce international support for Ukraine. Nations that have supported Ukraine the most— like Poland, Finland, Estonia, and Latvia—have been targeted more often.

In the Baltic Sea, mysterious shipping activity has raised suspicions of Russian involvement in damaging undersea cables and pipelines. On land, authorities in some countries have accused Russia and its close ally Belarus of creating border tensions by pushing migrants toward their borders. Fires in Lithuania and Poland have also been publicly connected to these efforts.

When asked for a response, Russian officials denied all the accusations and claimed there was no solid proof of their involvement.

In a separate investigation, journalists from a European media alliance managed to secretly join an online group linked to Russian hackers. The journalist, after gaining the group's trust, was asked to perform tasks such as putting anti-West stickers in European cities and gathering personal data about people and groups.

This group was also linked to cyberattacks targeting vital infrastructure in European and NATO member countries. They appear to be part of a growing number of hacker collectives that act on behalf of Russian interests.

A European Union representative described these operations as an invisible form of war that is becoming more common across the continent— not just in countries near Russia.

Security experts say Russian intelligence may be hiring short-term agents through online channels to carry out small-scale missions. Because these people work anonymously and are hard to trace, it's difficult to hold anyone directly responsible.

According to the Czech foreign minister, there have been around 500 suspicious cases across Europe. Of these, about 100 have been officially blamed on Russia. He added that such attacks are happening more frequently now.


Read more »
Russia
Aerospace Cyber Attacks Europe Poland Russia

Poland’s Space Agency Investigates Cyberattack, Works On Security Measures

 



Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website was still offline.  


Government and Cybersecurity Teams Take Action

Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, confirmed that cybersecurity experts detected unauthorized access to POLSA’s systems. Security specialists have since secured the affected infrastructure and are now working to determine who was behind the attack. However, officials have not yet shared whether the hackers were financially motivated cybercriminals or politically driven groups. The method used to infiltrate the agency’s network also remains undisclosed.  


Why Hackers Target Space Agencies

Organizations involved in space research and technology are often appealing targets for cybercriminals. Many of these agencies collaborate with defense and intelligence sectors, making them vulnerable to attacks that could expose confidential projects, satellite communications, and security-related data. A cyberattack on such an agency could disrupt critical operations, leak classified research, or even interfere with national security.  


Poland Faces a Surge in Cyberattacks

Poland has become one of the most frequently targeted countries in the European Union when it comes to cyber threats. Earlier this year, Gawkowski stated that the country experiences more cyber incidents than any other EU nation, with most attacks believed to be linked to Russian actors. Poland’s strong support for Ukraine, both in military assistance and humanitarian aid, has likely contributed to this rise in cyber threats.  

The number of cyberattacks against Poland has increased drastically in recent years. Reports indicate that attacks doubled in 2023 compared to previous years, with over 400,000 cybersecurity incidents recorded in just the first half of the year. In response, the Polish government introduced a cybersecurity initiative in June, allocating $760 million to strengthen the country’s digital defenses.  


Other Space Agencies Have Also Been Targeted

This is not the first time a space agency has fallen victim to cyberattacks. Japan’s space agency, JAXA, has faced multiple breaches in the past. In 2016, reports suggested that JAXA was among 200 Japanese organizations targeted by suspected Chinese military hackers. In 2023, unknown attackers infiltrated the agency’s network, raising concerns that sensitive communications with private companies, such as Toyota, may have been exposed.  

As space technology continues to advance, protecting space agencies from cyber threats has become more crucial than ever. These organizations handle valuable and often classified information, making them prime targets for espionage, sabotage, and financial cybercrime. If hackers manage to breach their systems, the consequences could be severe, ranging from stolen research data to disruptions in satellite operations and defense communications.  

POLSA’s ongoing investigation will likely uncover more details about the cyberattack in the coming weeks. For now, the incident highlights the increasing need for governments and space organizations to invest in stronger cybersecurity measures to protect critical infrastructure.

Read more »
Technology
AI Europe GDPR Meta Ray-Ban Glasses Technology

Meta Introduces AI Features For Ray-Ban Glasses in Europe

 

Meta has officially introduced certain AI functions for its Ray-Ban Meta augmented reality (AR) glasses in France, Italy, and Spain, marking a significant step in the company's spread of its innovative wearable technology across Europe. 

Starting earlier this week, customers in these nations were able to interact with Meta's AI assistant solely through their voice, allowing them to ask general enquiries and receive responses through the glasses. 

As part of Meta's larger initiative to make its AI assistant more widely available, this latest deployment covers French, Italian, and Spanish in addition to English. The announcement was made nearly a year after the Ray-Ban Meta spectacles were first released in September 2023.

In a blog post outlining the update, Meta stated, "We are thrilled to introduce Meta AI and its cutting-edge features to regions of the EU, and we look forward to expanding to more European countries soon.” However, not all of the features accessible in other regions will be included in the European rollout. 

While customers in the United States, Canada, and Australia benefit from multimodal AI capabilities on their Ray-Ban Meta glasses, such as the ability to gain information about objects in view of the glasses' camera, these functions will not be included in the European update at present.

For example, users in the United States can ask their glasses to identify landmarks in their surroundings, such as "Tell me more about this landmark," but these functionalities are not available in Europe due to ongoing regulatory issues. 

Meta has stated its commitment to dealing with Europe's complicated legal environment, specifically the EU's AI Act and the General Data Protection Regulation (GDPR). The company indicated that it is aiming to offer multimodal capabilities to more countries in the future, but there is no set date. 

While the rollout in France, Italy, and Spain marks a significant milestone, Meta's journey in the European market is far from done. As the firm navigates the regulatory landscape and expands its AI solutions, users in Europe can expect more updates and new features for their Ray-Ban Meta glasses in the coming months. 

As Meta continues to grow its devices and expand its AI capabilities, all eyes will be on how the firm adjusts to Europe's legal system and how this will impact the future of AR technology worldwide.
Read more »
Tech giants
Artifcial Intelligence Data collection Europe GDPR Google Privacy Tech giants

Is Google Spying on You? EU Investigates AI Data Privacy Concerns



Google is currently being investigated in Europe over privacy concerns raised about how the search giant has used personal data to train its generative AI tools. The subject of investigation is led by Ireland's Data Protection Commission, which ensures that the giant technical company adheres to strict data protection laws within the European Union. This paper will establish whether Google adhered to its legal process, such as obtaining a Data Protection Impact Assessment (DPIA), before using people's private information to develop its intelligent machine models.

Data Collection for AI Training Causes Concerns

Generative AI technologies similar to Google's brand Gemini have emerged into the headlines because these tend to create fake information and leak personal information. This raises the question of whether Google's AI training methods, necessarily involving tremendous amounts of data through which such training must pass, are GDPR-compliant-its measures to protect privacy and rights regarding individuals when such data is used for developing AI.

This issue at the heart of the probe is if Google should have carried out a DPIA, which is an acronym for Data Protection Impact Assessment-the view of any risks data processing activities may have on the rights to privacy of individuals. The reason for conducting a DPIA is to ensure that the rights of the individuals are protected simply because companies like Google process humongous personal data so as to create such AI models. The investigation, however, is specifically focused on how Google has been using its model called PaLM2 for running different forms of AI, such as chatbots and enhancements in the search mechanism.

Fines Over Privacy Breaches

But if the DPC finds that Google did not comply with the GDPR, then this could pose a very serious threat to the company because the fine may amount to more than 4% of the annual revenue generated globally. Such a company as Google can raise billions of dollars in revenue every year; hence such can result in a tremendous amount.

Other tech companies, including OpenAI and Meta, also received similar privacy-based questions relating to their data practices when developing AI.

Other general issues revolve around the processing of personal data in this fast-emerging sphere of artificial intelligence.

Google Response to Investigation

The firm has so far refused to answer questions over specific sources of data used to train its generative AI tools. A company spokesperson said Google remains dedicated to compliance with the GDPR and will continue cooperating with the DPC throughout the course of the investigation. The company maintains it has done nothing illegal. And just because a company is under investigation, that doesn't mean there's something wrong with it; the very act of inquiring itself forms part of a broader effort to ensure that companies using technology take account of how personal information is being used.

Data Protection in the AI Era

DPC questioning of Google is part of a broader effort by the EU regulators to ensure generative AI technologies adhere to the bloc's high data-privacy standards. As concerns over how personal information is used, more companies are injecting AI into their operations. The GDPR has been among the most important tools for ensuring citizens' protection against misuse of data, especially during cases involving sensitive or personal data.

In the last few years, other tech companies have been prosecuted with regard to their data-related activities in AI development. Recently, the developers of ChatGPT, OpenAI, and Elon Musk's X (formerly Twitter), faced investigations and complaints under the law of GDPR. This indicates the growing pressure technological advancement and the seriousness in the protection of privacy are under.

The Future of AI and Data Privacy

In developing AI technologies, firms developing relevant technology need to strike a balance between innovation and privacy. The more innovation has brought numerous benefits into the world-search capabilities and more efficient processes-the more it has opened risks to light by leaving personal data not so carefully dealt with in most cases.

Moving forward, the regulators, including the DPC, would be tracking the manner in which the companies like Google are dealing with the data. It is sure to make rules much more well-defined on what is permissible usage of personal information for developing the AI that would better protect individuals' rights and freedoms in this digital age.

Ultimately, the consequences of this study may eventually shape how AI technologies are designed and implemented in the European Union; it will certainly inform tech businesses around the world.


Read more »
Trend Micro
Africa APT41 Cyber Security Cybersecurity Earth Baku Europe malware Middle East sophisticated attacks Threat actor Trend Micro

China-Backed Earth Baku Broadens Cyber Assaults to Europe, Middle East, and Africa

 

The China-backed threat actor Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecoms, technology, healthcare, and education sectors are among those singled out as part of the intrusion set.

Trend Micro researchers Ted Lee and Theo Chen, in an analysis published last week, noted that Earth Baku has updated its tools, tactics, and procedures (TTPs) in more recent campaigns. The group utilizes public-facing applications such as IIS servers as entry points for attacks, subsequently deploying sophisticated malware toolsets on the victim's environment. The findings build upon recent reports from Zscaler and Google-owned Mandiant, which also detailed the threat actor's use of malware families like DodgeBox (aka DUSTPAN) and MoonWalk (aka DUSTTRAP). Trend Micro has assigned them the monikers StealthReacher and SneakCross.

Earth Baku, a threat actor associated with APT41, has been known for its use of StealthVector as far back as October 2020. Their attack chains involve the exploitation of public-facing applications to drop the Godzilla web shell, which is then used to deliver follow-on payloads. StealthReacher has been classified as an enhanced version of the StealthVector backdoor loader, responsible for launching SneakCross, a modular implant and a likely successor to ScrambleCross that leverages Google services for its command-and-control (C2) communication.

The attacks are further characterized by the use of other post-exploitation tools such as iox, Rakshasa, and a Virtual Private Network (VPN) service known as Tailscale. Sensitive data exfiltration to the MEGA cloud storage service is accomplished by means of a command-line utility dubbed MEGAcmd. "The group has employed new loaders such as StealthVector and StealthReacher to stealthily launch backdoor components, and added SneakCross as their latest modular backdoor," the researchers stated.

"The persistence of Earth Baku is notable," said the researchers. "Their tactics show a sophisticated understanding of public-facing applications, allowing them to infiltrate various sectors with precision." They further explained that the group's post-exploitation tools are customized to fit specific operational needs, with iox and Rakshasa playing significant roles in maintaining prolonged access and stealth. Tailscale, the VPN service, ensures the attackers can manage their operations without detection, while MEGAcmd allows for efficient data exfiltration.

The continued evolution of Earth Baku's methods, including the introduction of new malware like SneakCross, highlights the growing complexity and threat posed by this actor. The group’s ability to adapt and refine their TTPs makes them a formidable adversary in the cyber landscape.
Read more »
Privacy
Drugs Europe Healthcare intellectual property Pharmaceutical Firms Privacy

Poland Pushes for Shorter Drug Data Protection in EU

 


At a recent EU meeting in Luxembourg, Poland supported a European Commission proposal to shorten the time new drugs are protected by data exclusivity rules. Health Minister Izabela Leszczyna said Poland prefers one year of market protection over longer periods of data protection.

In April 2023, the European Commission suggested reducing the data exclusivity period for drugs from eight to six years. Minister Leszczyna agreed, saying this would help people access new treatments more quickly without adding extra paperwork. She also proposed one year of market protection for new uses of existing drugs instead of extending data protection.

Balancing Incentives and Access

Minister Leszczyna emphasised that Poland supports measures to ensure all EU countries have access to modern treatments. She suggested that incentives should focus on market protection and not last longer than a year. For drugs treating rare diseases, extending protection could be considered, but for other drugs, different solutions should be found.

Challenges in Generic Drug Production 

Krzysztof Kopeć, President of the Polish Association of Pharmaceutical Industry Employers, highlighted issues with drug shortages, especially for generic drugs. He explained that producing drugs in Europe is becoming less profitable, leading to shortages. Although the European Commission wants to boost drug production in Europe, current regulations do not support this, and production costs are higher in Europe than in Asia.

Concerns from Innovative Drug Companies

Innovative drug companies argue that changing existing intellectual property rules is not the answer to drug access problems. They believe the current rules should continue to support innovation and ensure EU patients can access new treatments. Michał Byliniak, General Director of INFARMA, stressed the need for EU reforms to improve drug supply security, availability, and affordability while also supporting new drug development.

INFARMA is discussing potential risks of shorter protection periods with the Ministry of Health and other stakeholders. They warn that reducing protection could limit access to advanced treatments. INFARMA supports keeping current data protection levels and creating incentives to promote innovation, address unmet medical needs, and encourage research in the EU.

Poland's support for a shorter data exclusivity period shows its commitment to balancing access to new treatments, innovation, and economic realities in the EU drug industry. As discussions continue, the goal remains to create rules that ensure safe, effective, and affordable medicines are available to everyone in Europe.



Read more »
US
Cyber Security Europe financial organizations Hackers malicious scripts Minesweeper game Python clone US

Hackers Use Trojanized Minesweeper Clone to Phish Financial Organizations

 

Hackers are exploiting code from a Python clone of Microsoft's classic Minesweeper game to conceal malicious scripts in attacks targeting financial institutions in Europe and the US.

Ukraine's CSIRT-NBU and CERT-UA have identified the threat actor 'UAC-0188' as responsible for these attacks. They are using the legitimate game code to hide Python scripts that download and install the SuperOps RMM (Remote Monitoring and Management) software. SuperOps RMM, though legitimate, provides remote actors with direct access to compromised systems.

CERT-UA's investigation into the initial discovery has uncovered at least five breaches in financial and insurance sectors across Europe and the United States linked to these same files.

The attack initiates with an email from "support@patient-docs-mail.com," posing as a medical center with the subject "Personal Web Archive of Medical Documents." The email prompts recipients to download a 33MB .SCR file from a Dropbox link. This file includes harmless code from a Python clone of Minesweeper, alongside malicious Python code designed to download additional scripts from a remote source, "anotepad.com."

Incorporating Minesweeper code within the executable helps disguise the 28MB base64-encoded string containing the malicious code, making it seem benign to security software. The Minesweeper code features a function named "create_license_ver," repurposed to decode and execute the hidden malicious code, using legitimate software components to mask and facilitate the attack.

The base64 string decodes to a ZIP file containing an MSI installer for SuperOps RMM, which is extracted and executed using a static password. While SuperOps RMM is a legitimate tool, in this scenario, it grants attackers unauthorized access to the victim's computer.

CERT-UA advises organizations not using SuperOps RMM to treat its presence or related network activity, such as connections to "superops.com" or "superops.ai" domains, as indicators of a compromise.

The agency has also provided additional indicators of compromise (IoCs) associated with this attack at the end of their report.
Read more »
Tech Companies
Change Cyber Security Data Data Safety Digital Act Europe Tech Companies

Europe's Digital Markets Act Compels Tech Corporations to Adapt

 

Europeans now have the liberty to select their preferred online services, such as browsers, search engines, and iPhone apps, along with determining the usage of their personal online data. 

These changes stem from the implementation of the Digital Markets Act (DMA), a set of laws introduced by the European Union targeting major technology firms including Amazon, Apple, Microsoft, Google (under Alphabet), Meta (formerly Facebook), and ByteDance (owner of TikTok).

This legislation marks Europe's ongoing efforts to regulate large tech companies, requiring them to adapt their business practices. Notably, Apple has agreed to allow users to download smartphone apps from sources other than its App Store. The DMA applies to 22 services ranging from operating systems to messaging apps and social media platforms, affecting prominent offerings like Google Maps, YouTube, Amazon's Marketplace, Apple's Safari browser, Meta's Facebook, Instagram, WhatsApp, Microsoft Windows, and LinkedIn.

Companies found in violation of the DMA could face hefty fines, up to 20% of their global annual revenue, and even potential breakup for severe breaches. The impact of these rules is not limited to Europe, as other countries, including Japan, Britain, Mexico, South Korea, Australia, Brazil, and India, are considering similar legislation to curb tech giants' dominance in online markets.

One significant change resulting from the DMA is Apple's decision to allow European iPhone users to download apps from sources beyond its App Store, a move the company had previously resisted. However, Apple will introduce a 55-cent fee for each iOS app downloaded from external stores, raising concerns among critics about the viability of alternative app platforms.

Furthermore, the DMA grants users greater freedom to choose their preferred online services and restricts companies from favouring their own offerings in search results. 

For instance, Google search results will now include listings from competing services like Expedia for searches related to hotels. Additionally, users can opt out of targeted advertising based on their online data, while messaging systems are required to be interoperable, forcing Meta to propose solutions for seamless communication between its platforms, Facebook Messenger and WhatsApp.
Read more »
Security
attackers Cyber Attacks Data Data Safety data security Europe Hackers Safety Security

Europe's Shipping Industry Grapples with Widespread Cyberattack

 

A significant cyberattack has impacted shipping companies across Europe, commencing on Thursday afternoon. The attack, believed to be a Distributed Denial of Service (DDoS) incident, has led to the widespread unavailability of numerous websites. IT teams are currently hard at work, actively addressing and resolving the situation.

Johanna Boijer-Svahnström, the Senior Vice President of Viking Line, discussed the extensive cyberattack that occurred on Thursday. In a statement to HBL, she emphasized that the cyber assault had a notable impact on major shipping companies operating throughout Europe.

"It appears to be a DDOS cyber attack targeting shipping companies across Europe. Our webpages are currently inaccessible, and our IT department is actively working to resolve the issue," Johanna conveyed to HBL.

The Cyber Express reached out to the company to verify the security incident and gather additional information following the cyberattack. Regrettably, at the time of preparing this report, no confirmation has been received from Viking Line.

According to media reports, the Viking Line cyberattack appears to have been a DDoS attack stemming from an overload on the company's website. This cyber assault had a widespread impact, affecting nearly all major shipping companies in the region.

About Viking Line

Viking Line, established in 1959, is a prominent shipping company specializing in cruise, cargo, and passenger services primarily within the Baltic Sea region. The company maintains a fleet of more than 50 vessels offering services in all three categories, with a current workforce of over 2,000 employees.

A recent report citing research conducted by the law firm HFW suggests that the shipping industry is considered an "easy target" for cybercriminals. The same report indicates a notable increase in ransomware attacks, with ransom demands rising by an astounding 350% over the past year.

"Our findings reveal that despite improvements in maritime cybersecurity, the industry remains vulnerable. Shipping organizations are facing a surge in cyberattacks, along with a substantial increase in ransom payment demands. As technology continues to play a larger role across all aspects of shipping, encompassing ship networks, offshore installations, and onshore control centers, the potential for cybersecurity breaches also escalates," reported Heavylift PFI, quoting Tom Walters, a partner at Hollman Fenwick Willan, a global law firm.

Incidents like the Viking Line Cyberattack underscore the critical importance of robust cybersecurity measures within the shipping industry. It serves as a reminder that a proactive approach to cybersecurity across various sectors is imperative to prevent escalating challenges.
Read more »
Unauthorized access
Digital Currency. Digital Payment Encryption Europe Finance online transactions Policymaking process Privacy Unauthorized access

Consumer Finance Group Supports Enhanced Privacy in the Use of Digital Euro

Privacy and security in financial transactions are becoming increasingly important in our digital age. The Consumer Finance Group's recent call for stricter privacy protections for the digital Euro is a proactive step to ensure that people's financial information is protected.

The Consumer Finance Group, a prominent advocate for consumer rights, has raised concerns about the potential privacy vulnerabilities associated with the digital Euro, which is currently under development by the European Central Bank. As reported by ThePrint and Reuters, the group emphasizes the need for robust privacy protections.

One of the key concerns highlighted by the Consumer Finance Group is the risk of digital Euro transactions being traced and monitored without adequate safeguards. This could lead to an invasion of financial privacy, as every transaction could potentially be linked to an individual, raising concerns about surveillance and misuse of data.

To address these concerns, the group has proposed several measures:

  • Enhanced Encryption: They suggest implementing advanced encryption protocols to protect the privacy of digital Euro users. This would make it exceedingly difficult for unauthorized parties to access transaction details.
  • Anonymous Transactions: The group advocates for the option of anonymous transactions, allowing users to make payments without revealing their identities. While this could raise concerns about potential illicit activities, it also protects the privacy of law-abiding citizens.
  • Clear Data Retention Policies: Consumer Finance Group also calls for transparent data retention policies, ensuring that personal financial data is not stored longer than necessary and is subject to strict regulations.
  • User Consent: They propose that users should have clear and informed consent regarding the collection and use of their financial data, empowering individuals to make choices about their privacy.

While these measures are essential for safeguarding privacy, it's essential to strike a balance between privacy and security. Implementing stringent privacy measures must also consider the need to combat financial crimes such as money laundering and terrorism financing.

The European Central Bank and policymakers should carefully consider the recommendations put forth by the Consumer Finance Group. Finding the right balance between privacy and security in the digital Euro's design will be crucial in gaining public trust and ensuring the widespread adoption of this digital currency.

The need for stronger privacy protections in the digital Euro is a reminder of the importance of safeguarding personal financial data in our increasingly digitalized society. Regulators and financial institutions must prioritize addressing these privacy issues as digital currencies become more widely used.

Read more »
Technology
Ban ChatGPT Data Europe Italy Safety Security Technology

Is Italy's ChatGPT Ban Setting a New Standard for the Rest of Europe?

 

After Italy became the first Western country to block advanced chatbot ChatGPT on Friday due to a lack of transparency in its data use, Europe is wondering who will follow. Several neighboring countries have already expressed interest in the decision.

“In the space of a few days, specialists from all over the world and a country, Italy, are trying to slow down the meteoric progression of this technology, which is as prodigious as it is worrying,” writes the French daily Le Parisien.


Many cities in France have already begun with their own research “to assess the changes brought about by ChatGPT and the consequences of its use in the context of local action,” reports Ouest-France.


The city of Montpellier wants to ban ChatGPT for municipal staff, as a precaution," the paper reports. “The ChatGPT software should be banned within municipal teams considering that its use could be detrimental.”


According to the BBC, the Irish data protection commission is following up with the Italian regulator to understand the basis for its action and "will coordinate with all E.U. (European Union) data protection authorities" in relation to the ban.


The Information Commissioner's Office, the United Kingdom's independent data regulator, also told the BBC that it would "support" AI developments while also "challenging non-compliance" with data protection laws.


ChatGPT is already restricted in several countries, including China, Iran, North Korea, and Russia. The E.U. is in the process of preparing the Artificial Intelligence Act, legislation “to define which AIs are likely to have societal consequences,” explains Le Parisien. “This future law should in particular make it possible to fight against the racist or misogynistic biases of generative artificial intelligence algorithms and software (such as ChatGPT). 


The Artificial Intelligence Act also proposes appointing one regulator in charge of artificial intelligence in each country.


The Italian situation

The Italian data protection authority explained that it was banning and investigating ChatGPT due to privacy concerns about the model, which was developed by a U.S. start-up called OpenAI, which is backed by billions of dollars in investment from Microsoft.


The decision "with immediate effect" announced by the Italian National Authority for the Protection of Personal data was taken because “the ChatGPT robot is not respecting the legislation on personal data and does not have a system to verify the age of minor users,” Le Point reported. 


“The move by the agency, which is independent from the government, made Italy the first Western country to take action against a chatbot powered by artificial intelligence,” wrote Reuters. 


The Italian data protection authority stated that it would not only block OpenAI's chatbot, but would also investigate whether it complied with the EU's General Data Protection Regulation.

Protecting minors

It goes on to say that the new technology "exposes minors to completely inappropriate answers in comparison to their level of development and awareness."


According to the press release from the Italian Authority, on March 20, ChatGPT "suffered a loss of data ('data breach') concerning user conversations and information relating to the payment of subscribers to the paid service."


It also mentions the "lack of a legal basis justifying the mass collection and storage of personal data for the purpose of 'training' the algorithms underlying the platform's operation."


ChatGPT was released to the public in November and was quickly adopted by millions of users who were impressed by its ability to answer difficult questions clearly, mimic writing styles, write sonnets and papers, and even pass exams. ChatGPT can also be used without any technical knowledge to write computer code.


“Since its release last year, ChatGPT has set off a tech craze, prompting rivals to launch similar products and companies to integrate it or similar technologies into their apps and products,” writes Reuters.


"On Friday, OpenAI, which disabled ChatGPT for users in Italy in response to the agency's request, said it is actively working to reduce the use of personal data in training its AI systems like ChatGPT."


According to Euronews, the Italian watchdog has now asked OpenAI to "communicate within 20 days the measures undertaken" to remedy the situation, or face a fine of €20 million ($21.7 million) or up to 4% of annual worldwide turnover.


The announcement comes after Europol, the European police agency, warned on Monday that criminals were ready to use AI chatbots like ChatGPT to commit fraud and other cybercrimes. The rapidly evolving capabilities of chatbots, from phishing to misinformation and malware, are likely to be quickly exploited by those with malicious intent, Europol warned in a report.


Read more »
Police hacks phones
EncroChat Europe Hacking Legal challeges Mobile Security Phone network Police hacks phones

Police Hacked Thousands of Phones. Was it Legal?


In October 2020, Christian Lödden’s potential clients sought to discuss just one thing, which carried on for a week. Every individual whom the German criminal defense lawyer has contacted had apparently been utilizing the encrypted phone network EncroChat. This information raised concerns about their devices being hacked, potentially exposing the crimes they may have been a part of. “I had 20 meetings like this. Then I realized—oh my gosh—the flood is coming.” Lödden says. 

Authorities in Europe, led by French and Dutch forces disclosed how the EncroChar network had been compromised several months earlier. More than 100 million messages were siphoned out by malware the police covertly inserted into the encrypted system, exposing the inner workings of the criminal underworld. People openly discussed drug deals, coordinated kidnappings, premeditated killings, and worse. 

The hack, considered one of the largest ever being conducted by the police, was an intelligence gold mine. It led to hundreds of arrests, home raids, and thousands of kilograms of drugs being seized. Following this, thousands of EncroChat members are now imprisoned in Europe, including the UK, Germany, France, and the Netherlands, after two years have passed. 

Hacking EncroChat 

The EncroChat phone network, which was established in 2016, had about 60,000 users when it was uncovered by law enforcement. According to EncroChat's company website, subscribers paid hundreds of dollars to use a customized Android phone that could "guarantee anonymity." The phone's security features included the ability to "panic wipe" everything on the device, live customer assistance, and encrypted conversations, notes, and phone calls using a version of the Signal protocol. Its GPS chip, microphone, and camera may all be taken out. 

Instead of decrypting the phone network, it appears that the police who hacked it compromised the EncroChat servers in Roubaix, France, and then distributed malware to devices. 

According to court filings, 32,477 of EncroChat's 66,134 users in 122 countries were affected, despite the little-known fact on how the breach occurred or the kind of malware deployed. 

The Documents obtained by Motherboard indicated that the investigators might potentially collect all of the data on the phones. The participating law enforcement agencies in the inquiry exchanged this information. (EncroChat claimed to be a legitimate business before shutting down as a result of the breach.) 

Legal Challenged Building Up 

In regard to the hack, Europe is facing several legal challenges. 

While in many countries the court has ruled that the hacked EncroChat messages can be utilized as legal shreds of evidence, these decisions have now been disputed. 

According to a report by Computer Weekly, many of the reported cases possess complexity: Every country has a unique legal system with distinct guidelines about the kinds of evidence that may be utilized and the procedures prosecutors must adhere to. For instance, Germany places strict restrictions on the installation of malware on mobile devices, while the UK generally forbids the use of "intercepted" evidence in court. 

The most well-known objection to date comes from German attorneys. One of the top courts on the continent, the Court of Justice of the European Union (CJEU), received an EncroChat appeal from a regional court in Berlin in October. 

The judge asked the court to rule on 14 issues relating to the use of the data in criminal cases and how it was moved across Europe. The Berlin court emphasized how covert the investigation was. The court decision's machine translation states that "technical specifics on the operation of the trojan software and the storage, assignment, and filtering of the data by the French authorities and Europol are not known." "French military secrecy inherently affects how the trojan software functions." 

Police Being Praised 

Despite the legal issues, police departments all around Europe have praised the EncroChat breach and how it has assisted in locking up criminals. In massive coordinated policing operations that began as soon as the hack was revealed in June 2020, hundreds of people were imprisoned. In the Netherlands, police found criminals using shipping containers as "torture chambers." 

Since then, a steady stream of EncroChat cases has been brought before courts, and individuals have been imprisoned for some of the most severe crimes. The data from EncroChat has been a tremendous help to law enforcement; as a result of the police raids, organized crime arrests in Germany increased by 17%, and at least 2,800 persons have been detained in the UK. 

But is it Legal? 

Despite the police being lauded for capturing the criminals, according to the lawyers, this method of investigation is flawed and should not be presented as evidence in court. They emphasized how the secrecy of the hacking indicates that suspects have not received fair trials. A lawsuit from Germany was then sent to Europe's top court toward the end of 2022. 

If successful, the appeal could jeopardize criminals' convictions across Europe. Additionally, analysts claim that the consequences have an impact on end-to-end encryption globally. 

“Even bad people have rights in our jurisdictions because we are so proud of our rule of law […] We’re not defending criminals or defending crimes. We are defending the rights of accused people,” says Lödden.  

Read more »
Weapon Detection
Europe Security Security Loopholes Technolgy Weapon Detection

Manchester Arena's Weapon Detecting


Evolv claims it can detect all weapons

US-based company "Evolv" known for selling artificial intelligence (AI) scanners, claims it detects all weapons.

However, the research firm IPVM says Evolv might fail in detecting various types of knives and some components and bombs. 

Evolv says it has told venues of all "capabilities and limitations." Marion Oswald, from Government Centre for Data Ethics and Innovation said there should be more public knowledge as well as independent evaluation of the systems before they are launched in the UK. 

Because these technologies will replace methods of metal detection and physical searches that have been tried and tested. 

Raised Concerns

AI and machine learning allow scanners to make unique "signatures" of weapons that distinguish them from items like computers or keys, lessening the need for preventing long queues in manual checks. 

"Metallic composition, shape, fragmentation - we have tens of thousands of these signatures, for all the weapons that are out there. All the guns, all the bombs, and all the large tactical knives," said Peter George, chief executive, in 2021. For years, independent security experts have raised concerns over some of Evolv's claims. 

The company in the past didn't allow IPVM to test its technology named Evolv Express. However, last year, Evolve allowed the National Center for Spectator Sports Safety and Security (NCS4). 

NCS4's public report, released last year, gave a score of 2.84 out of 3 to Evolv- most of the guns were detected 100% of the time. 

IPVM's private report shows loopholes

However, it also produced a separate report (private), received via a Freedom of Information request by IPVM. The report gave Evolv's ability to identify large knives 42% of the time. The report said that the system failed to detect every knife on the sensitivity level noticed during the exercise. 

The report recommended full transparency to potential customers, on the basis of the data collected. ASM Global, owner of Manchester arena said its use of Evolv Express is the "first such deployment at the arena in Europe," it is also planning to introduce technology to other venues. 

In an unfortunate incident in 2017, a man detonated a bomb at an Ariana Grande concert in the arena, which kille22 people and injured more than hundreds, primarily children. 

Evolv's Response

Evolv didn't debate IPVM's private report findings. It says that the company believes in communicating sensitive security information, which includes capabilities and limitations of Evolv's systems, allowing security experts to make informed decisions for their specific venues. 

We should pay attention to NCS4's report as there isn't much public information as to how Evolv technology works. 



Read more »
ransomware attacks
BlackCat Cyber Attacks cyber theft Europe ransomware attacks

Ransomware Hit European Pipeline & Energy Supplier Encevo Linked to BlackCat

 

BlackCat ransomware gang claimed responsibility for the attack that occurred last week on Creos Luxembourg S.A., a company that owns and provides electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. 

In the wake of the news, cyber security researchers reported that they are currently investigating the extent of the damage done. 

Encevo, the parent company of Creos and energy that facilitates five EU countries confirmed on July 25 that the firm suffered a cyberattack over the weekend of July 22–23. The cyberattack had rendered Encevo and Creos’ customer portals inaccessible however, the services themselves remained unaffected. 

According to the reports, the BlackCat ransomware group uploaded 150GB of data on its exaction site stolen from Encevo, including contracts, bills, passports, and emails. The gang is now threatening to release and sell the data within hours if the ransom isn't paid. 

The attack majorly affected the natural gas pipeline and the energy supplier Enovos, however, Encevo assured its users that the supply would not be disrupted. The firm recommended its users update their login credentials as soon as possible, alongside, customers should also change their passwords on other websites if they are the same. 

"For now, the Encevo Group does not yet have all the information necessary to inform personally each potentially affected person. This is why we ask our customers not to contact us at the moment. Once again we apologize to our customers for the inconvenience and we do our best to restore full service as soon as possible. Creos and Enovos emphasize once again that the supply of electricity and gas are not affected and that the breakdown service is guaranteed’’, the company added. 

Reportedly, Creos has been contacted by many cyber news portals enquiring about more technical details and the consequences of the cyberattack, however, the representatives of the company did not share any information on the matter.
Read more »
Russia-Ukraine War
Chinese Actors Cyber Attacks Cyber Espionage Campaign Europe Russia-Ukraine War

European Organizations Targeted by 'Mustang Panda’ Hacking Group

 

Cybersecurity researchers have unearthed a new campaign by advanced persistent threat (APT) group Mustang Panda targeting European and Russian organizations using topical spear-phishing lures linked to the war in Ukraine. 

Mustang Panda, also known as RedDelta, Bronze President, or TA416 has been active since at least 2012 and over the years has targeted entities in EU member states, the United States and Asian countries where China has interests. The targets have included diplomatic organizations, non-governmental organizations (NGOs), religious organizations, telecommunication firms, and political activists.

"Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report published this week. 

The hacking group is known for designing its phishing lures based on current scenarios that might be of interest to its targets. These have included the COVID-19 pandemic, international summits, and political topics. The attacks observed this year by researchers from Cisco Talos and several other security firms used reports from EU institutions regarding the security situation in Europe both before and after Russia's invasion of Ukraine. 

Mustang Panda modus operandi 

The PlugX RAT, also known as KorPlug, continues to remain the Mustang Panda's preferred spying tool. is Mustang Panda’s malware of choice. The threat actor has used multiple variants of it for several years, together with other threat actors originating from China. 

Recent attack campaigns spotted this year have primarily phishing messages containing malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto infected devices. 

A similar technique is also used to target various entities in the U.S. and several Asian countries like Myanmar, Hong Kong, Japan, and Taiwan. 

The researchers also spotted Mustang Panda distributing a malicious file containing PlugX with a Russian name referencing the Blagoveshchensk Border Guard Detachment. But similar attacks identified towards the end of March 2022 show that the actors are upgrading their tactics by minimizing the remote URLs used to obtain different components of the infection chain. 

Other than PlugX, infection chains utilized by the APT group have involved the deployment of custom stagers, reverse shells, Meterpreter-based shellcode, and Cobalt Strike, all of which are used to establish remote access to their targets with the intention of conducting espionage and information theft. 

"By using summit- and conference-themed lures in Asia and Europe, this attacker aims to gain as much long-term access as possible to conduct espionage and information theft," Talos researchers added.
Read more »
Whatsapp Data
Cyber Attacks cybercriminals Encrypted Files Europe FIFA Private Data Trojan Whatsapp Data

Spanish FA Reported a Cyber Attack, Private Texts Seized

 

Police have been informed that the Royal Spanish Football Federation (RFEF) has witnessed a cyber attack. In recent months, top leaders of the union, particularly president Luis Rubiales, have had documents and information from private email accounts, private texts, and audio calls taken.

Headquartered in Las Rozas, La Ciudad del Ftbol, a community near Madrid, the Royal Spanish Football Federation is Spain's football regulating organization. The Spanish FA won the 2010 FIFA World Cup and two European Championships in a row as a result of these events. 

"It's likely this personally identifiable information, taken unlawfully and with clear criminal purpose, was provided to numerous media," the RFEF added. 

Before the publishing of the information, an unnamed journalist informed the RFEF claiming its media outlet had been provided access to illegally acquired material from an unknown source who communicated over an encrypted voice. 

"Through third parties, the media outlet in issue claimed to have obtained confidential contracts, private WhatsApp conversations, emails, and a variety of documents involving the RFEF management," the journalist told. "If accurate, it would be a crime of secret revelation and a breach of the people attacked's fundamental rights." 

The Spanish FA has condemned such "criminal and mafia" acts to all relevant organizations, as well as appointed a private firm to improve security and prevent future attacks.

Cyberattacks, like hacktivists, can be linked to cyber warfare or cyberterrorism. To put it another way, motivations can differ. And there are three basic types of motivations: criminal, political, and personal. Money theft, data theft, and company disruption are all options for criminally minded attackers.
Read more »
Toddler
Banking Trojan Europe malware Toddler

Toddler Android Banking Malware Spreads Across Europe

 

Cybersecurity researchers have unearthed a new Android banking Trojan dubbed ‘Toddler’, which is infecting users across Europe. According to the team at the PRODAFT Threat Intelligence (PTI), Toddler, also known as TeaBot / Anatsa, is part of an increasing trend of mobile banking malware attacking countries such as Spain, Germany, Switzerland, and the Netherlands. 

The malware was first identified in January by a cybersecurity firm Cleafy. Threat actors have used the malware to attack users of 60 banks in Europe. In June, Bitdefender discovered Spain and Italy as two countries where users were most likely to get infected.

According to PTI, Spain has secured the top spot in cyberattacks in this year’s malware analysis. To date, at least 7,632 mobile devices have been infected. After breaking into the Command and Control (C2) server used by Trojan horse operators, the researchers also discovered over 1000 sets of stolen banking credentials.

Cybersecurity researchers have spotted numerous legitimate websites “serving” the Toddler malware through malicious .APK files and Android apps. However, there is no evidence of the malware on the Google Play Store. 

Toddler is pre-configured to target the users of “dozens” of banks across Europe, yet all of the known infections so far relate to just 18 different financial organizations, five of which comprise 90% of attacks. The Trojan works by utilizing overlay attacks to trick victims into submitting banking credentials on fraudulent login screens. Once installed, the malware monitors what legitimate apps are being opened -- and once target software is launched, the overlay attack begins. 

"Toddler downloads the specially-crafted login page for the opened target application from its C2. The downloaded webview phishing page is then laid over the target application. The user suspects nothing because this event happens almost instantaneously when the legitimate application is opened,” PRODAFT noted.

The malware also attempts to steal other account records, such as those used to access cryptocurrency wallets. The C2 command list includes the activation of an infected device’s screen, prompting users to grant permissions, uninstalling apps, and trying accessing Google Authenticator via accessibility. 

The level of permanence that this Trojan can sustain is unusual. Toddler includes multiple persistence mechanisms. Most notably, it exploits accessibility features to prevent infected devices from rebooting. "Toddler sets a new precedent for persistence module implementation. Removal of the malware from the device requires huge technical expertise, and it looks like the process will not get easier in the future,” researchers stated.
Read more »
NATO
Cloud Security Cyber Crime Europe Hackers NATO

NATO's Cloud Platform Hacked

 

The SOA & IdM platform is utilized by NATO and is classified as secret. It was used to conduct various critical functions inside the Polaris programme. The North Atlantic Treaty Organization (NATO), commonly known as the North Atlantic Alliance, is an intergovernmental military alliance made up of 30 European and North American countries. 

The organization is responsible for carrying out the North Atlantic Treaty, which was signed on April 04, 1949. NATO is a collective defense organization in which NATO's independent member states commit to defending each other in the event of an external attack. NATO's headquarters are in Haren, Brussels, Belgium, and Allied Command Operations' headquarters is near Mons, Belgium. 

Polaris was developed as part of NATO's IT modernization effort and uses the SOA & IdM platform to provide centralized security, integration, and hosting information management. The military alliance classified the platform as a secret because it performs multiple key roles. 

According to the hackers, they used a backdoor to make copies of the data on this platform and attempted to blackmail Everis. They went even further, making jokes about handing over the stolen material to Russian intelligence. 

Paul Howland, Polaris Program Officer explained the benefits of the program: “This project has the potential to be a game-changer in how NATO will develop and deploy its operational services in the future. It will drive innovation and reduce costs. Operational by ensuring a much greater reuse of deployed capacities". 

The hackers who carried out the attack said they had no idea they could take advantage of a flaw in the NATO platform at first. Furthermore, they concentrated solely on Everis' corporate data in Latin America, despite NATO's announcement that it was ready to respond to a cyber-attack. One of the secure NATO systems was among Everis' subsidiaries, much to their astonishment. 

After analyzing the company and discovering documents connected to drones and military defense systems, the hackers continued stealing more data from Everis networks. They justified their actions by claiming that they were not "for peace on earth and in the cyber world" when they slowed the development of the Polaris programme. The hackers sought a ransom of XMR 14,500 from Everis in exchange for not linking the company's identity to the LATAM Airlines data breach. They've also demanded this money in exchange for not revealing any NATO data.
Read more »
Subscribe to: Posts (Atom)