Security News
The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria. ENISA is grateful for the guidance and support from Member States via the European Cybersecurity Certification Group and for the contributions of the Stakeholder Cybersecurity Certification Group.
In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As well as the App Store changes, Apple will prompt iOS users in the EU to select a preferred browser instead of defaulting to Safari in accordance with the DMA. These changes will come with iOS 17.4 in the EU in March. In response, Apple built new options for iOS, Safari on iOS, the App Store and developer app analytics.
Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act compliance in the European Economic Area to allow European users to uninstall all apps in Windows by March 6. The KB5034203 is a monthly non-security optional cumulative update that enables Windows administrators to try out fixes and improvements that will come with the February 2024 Patch Tuesday release.
Basically, everyone who believes in a free and safe internet is speaking out against eIDAS. The unintended consequences of the bill are so great that Mozilla recently shared an open letter co-signed by a raft of internet companies concerned that eIDAS will make the internet less secure. Mozilla warned in a separate statement that any EU government could "Issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state."
As Cyber Solidarity Act edges closer to full adoption in Europe The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase...
Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software. The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.
The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority in July. The European watchdog's 27 October urgent binding decision instructs Ireland's Data Protection Commission to ban the processing of personal data for behavioral advertising across the entire European Economic Area within two weeks.
The EU General Data Protection Regulation is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise or business safe from unauthorized access or use. Failure to do so, would be a costly oversight on their part, as the penalties associated with the GDPR are severe and are applied across international borders at the discretion of the EU data protection authorities.
Opinion When I was in Bilbao recently for the Open Source Summit Europe event, the main topic of conversation was the European Union's Cyber Resilience Act. Why? Because pretty much everyone with an open source clue sees it as strangling open source software development.
While the CRA doesn't demand companies forward an exploited vulnerability's full technical specifications to ENISA, it does require companies to report on a vulnerability "With details"-and these details could be more than enough to attract the attention of a savvy attacker. As the CERT Guide to Coordinated Vulnerability Disclosure puts it: "Mere knowledge of a vulnerability's existence in a feature of some product is sufficient for a skillful person to discover it for themselves."