Security News

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU's cybersecurity agency - though the risk of an "Uncontrolled cyber arms race" among nation states is growing. The EU Agency for Cybersecurity said in its annual report issued today that those three categories of cyber threat were in decline up until April this year when COVID-19-related lockdowns began.

Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19. The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

The EU's top court on Tuesday put limits on how European spy and security agencies could harvest troves of personal data, but said this could be done under a serious threat to national security. At the request of the courts in France, Belgium and Britain, the European Court of Justice confirmed that "EU law precludes national legislation" that requires telcos and tech companies to carry out the "Indiscriminate retention" of data, a statement said.

No matter the legal reasoning, an "Adequacy" decision to let data flow between the UK and the EU will hinge on the ups and downs of the wider Brexit negotiations, which are entering a tense final phase. At the end of the Brexit transition period, when business-as-usual trading with the EU will come to an end and the UK begins dealing with the world's largest trading bloc on new terms, the EU will need to decide whether the new UK data rules are sufficiently aligned with GDPR and allow the uninterrupted transfer of personal data from the EU to the UK. Such a decision of "Adequacy" in the relationship with EU data law is said to be important to the UK working as a successful digital economy.

Facebook may be forced to stop sending data about its European users to the U.S., in the first major fallout from a recent court ruling that found some trans-Atlantic data transfers don't protect users from American government snooping. The social network said Wednesday that Ireland's Data Protection Commission has started an inquiry into how Facebook shifts data from the European Union to the United States.

Facebook has been reportedly asked to stop sending data from Ireland to the US, on orders from the EU. This is according to a report from the Wall Street Journal, which said that Irish eyes won't be smiling come this Fall after a preliminary order to suspend data transfers to the US about its users was sent to Mark Zuckerberg's firm by the Irish Data Protection Commission. The news comes in the wake of an EU court ruling two months ago that transatlantic data protection arrangements - known as Privacy Shield - were "Inadequate".

European Union privacy regulators are wrangling over the penalty Ireland's data privacy watchdog was set to issue Twitter for a data breach, pushing back the case's long awaited conclusion under the bloc's tough new data privacy rules. The Irish Data Privacy Commission was expected to issue its decision in the Twitter case, which would be its first involving a U.S. technology company since the new privacy law, known as GDPR, took effect in 2018, allowing for hefty fines.

The European Union has, for the first time ever, slapped sanctions on hacking crews. "Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool," the EU said of the decision.

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. Out of the six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals.

The European Union imposed its first ever sanctions against alleged cyber attackers on Thursday, targeting Russian and Chinese individuals and a specialist unit of Moscow's GRU military intelligence agency. The best known of the targeted entities is the Main Centre for Special Technologies, a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation - better known as the GRU. This unit, based on Kirova Street in Moscow, is said to have carried out attacks known as NotPetya and EternalPetya in June 2017, hitting EU private companies with ransomware and blocking data.