Security News
The private key used to sign EU Digital Covid certificates has been reportedly leaked and is being circulated on messaging apps and online data breach marketplaces.This week, users reported seeing the private key for EU Digital Covid certificates circulating on messaging apps, like Telegram.
The EU's new directive will add new provisions regarding how domain registrars collect information from registrants and who will have access to said information. "In order to ensure the availability of accurate, verified and complete domain name registration data, TLD registries and entities providing domain name registration services should be required to collect domain name registration data. They should aim to ensure the integrity and availability of such data by implementing technical and organisational measures, such as a confirmation process for registrants," reads an amendment in a draft of the new EU legislation.
In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called "Ghostwriter." Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and cyberattacked Parliament members, other politicians and government officials, and journalists. It's not the first time the campaign has been attributed to Russia, but on Friday, the EU Council made the link official.
The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. "These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data," European Council officials said in a press release today.
Ireland's Data Privacy Commissioner has hit Facebook-owned messaging platform WhatsApp with a €225 million administrative fine for violating the EU's GDPR privacy regulation after failing to inform users and non-users on what it does with their data. EU data regulators can impose maximum GDPR fines of up to €20 million or 4% of the infringing company's annual global turnover - whichever is greater - for violating EU's privacy laws.
Ireland dramatically loosened international travel restrictions on Monday, joining an EU-wide pandemic passport scheme weeks later than the rest of the bloc after a ransomware attack hobbled healthcare IT systems. All EU member states were connected to a matching digital Covid certificate system on July 1.
Secureworks announced its new Taegis XDR cloud data storage instance in Frankfurt, Germany, for European Union customers and channel partners who prefer to store their telemetry data within the EU. This investment reinforces Secureworks' ongoing commitment to EU customers and partners, while enhancing Secureworks' readiness to fulfill accelerated growth and meet rising demand in the region. The EU General Data Protection Regulation addresses the transfer of personal employee and customer data outside the EU and the European Economic Area.
The European Consumer Organisation announced Monday it had lodged a complaint with the European Commission against Facebook's attempt to modify the terms of service for the WhatsApp messenging service. The US tech titan has sought to nudge users of its messenger platform to accept new terms of service, but Facebook denies that this would allow WhatsApp to share more user data with its main social platform.
Joint Cyber Unit will create more situational awareness and guarantee preparedness to large-scale cybersecurity crises. In the EU, this has taken the form of a new Joint Cyber Unit, situated next to ENISA's offices in Brussels.
The EU's data protection agencies on Monday called for an outright ban on using artificial intelligence to identify people in public places, pointing to the "Extremely high" risks to privacy. In a non-binding opinion, the two bodies called for a "General ban" on the practice that would include "Recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context".