Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag


founded 2 years ago
Lampion Is Back With ClickFix Lures (unit42.paloaltonetworks.com)
submitted 4 hours ago by kid to c/cybersecurity

Check Point Research uncovered a sophisticated phishing campaign that abuses Discord and targets crypto users. Attackers redirect users from a legitimate Web3 website to a fake Collab.Land bot and then to a phishing site, tricking them into signing malicious transactions. The drainer script deployed on that site was directly linked to Inferno Drainer. Despite publicly shutting down in late 2023, Inferno Drainer remained fully operational. Smart contracts deployed in 2023 continued to be used into 2025. Recent campaigns show notable technical upgrades and infrastructure improvements. Inferno Drainer employs advanced anti-detection tactics — including single-use and short-lived smart contracts, on-chain encrypted configurations, and proxy-based communication — successfully bypassing wallet security mechanisms and anti-phishing blacklists. In just the last six months, more than 30,000 wallets were victimized by Inferno Drainer, resulting in at least $9 million in losses. The combination of evolving technical sophistication and convincing social engineering continues to drive the success of these attacks.


cross-posted from: https://lemmy.sdf.org/post/33999334

Archived

  • Under the new rules, tenders will award bonus scores to offers that deploy cybersecurity technologies manufactured in Italy, EU member states, NATO countries, or other like-minded partners.
  • The legislation follows high‑profile incidents of Chinese technology infiltrating sensitive sites, ranging from surveillance cameras in courts and ministries to thermoscanners at the prime minister’s office, and the award of customs‑scanner contracts to China’s Nuctech.
  • Products include: video surveillance and access‑control systems (including baggage and cargo scanners); VPN‑capable digital networking products, routers, modems (including satellite types), and switches; firewalls, intrusion detection and prevention systems; network storage and backup solutions; cloud services; drone‑control software.
  • Preference is extended to suppliers from the EU, NATO members, and “like‑minded” countries with collaboration agreements—namely Australia, South Korea, Japan, Israel, New Zealand, and Switzerland.
  • The government retains authority to update the list of covered categories and beneficiary states, based on recommendations from public administrations and intelligence agencies, ensuring the framework evolves alongside emerging security needs.

[...]


[This is an op-ed by Tin Pak, visiting academic at the National Defense University and a researcher at the Institute for National Defense and Security Research in Taiwan, and Chen Yu-cheng, an associate professor at the National Defense University.]

The term “assassin’s mace” originates from Chinese folklore, describing a concealed weapon used by a weaker hero to defeat a stronger adversary with an unexpected strike. In more general military parlance, the concept refers to an asymmetric capability that targets a critical vulnerability of an adversary. China has found its modern equivalent of the assassin’s mace with its high-altitude electromagnetic pulse (HEMP) weapons, which are nuclear warheads detonated at a high altitude, emitting intense electromagnetic radiation capable of disabling and destroying electronics.

An assassin’s mace weapon possesses two essential characteristics: strategic surprise and the ability to neutralize a core dependency. HEMP weapons fit both criteria. In nanoseconds, a single HEMP detonation at an altitude between 20km and 50km can disable electronic infrastructure across large swathes of Taiwan. There would be little warning, as the Chinese People’s Liberation Army (PLA) fields DF-17 hypersonic missiles, capable of delivering a HEMP warhead above Taiwan in a matter of minutes.

HEMPs strike at the foundation of modern society, its electronic systems. Every critical infrastructure uses electronics, from telecommunications, hospitals, energy production and distribution facilities, and even water purification systems.

...


cross-posted from: https://lemmy.sdf.org/post/33977882

[...]

EU lawmaking needs to be based in evidence and reality

Encryption is an important technology to protect people’s rights and freedoms and an absolute requirement to navigate safely online. Still, plans that could undermine encryption have been at the centre of discussions at EU level, which has received heavy criticism. The proposed roadmap echoes in part a report published last year by the opaque “High Level Group on Access to Data for Effective Law Enforcement”.

Several years of negotiations by policy-makers have not changed the scientific consensus that it is impossible to give law enforcement access to end-to-end encrypted communications without creating vulnerabilities that malicious actors and repressive governments can exploit. The technical truth remains: you cannot switch off end-to-end encryption without serious cybersecurity and human rights issues for all.

Former Commissioner Johansson, at the helm of the controversial Child Sexual Abuse Regulation, did not want to listen to expert advice. Now with Commissioner Virkkunen at the helm of the Technical Roadmap, we hope that she will be willing to listen to the technical and digital rights community, and will ensure seats at the table for public interest technologists and groups specialised in privacy, cybersecurity, and human rights. EU lawmaking needs to be based in evidence and reality, not “magical thinking”.

[...]
