Security News

Two days after its Digital Services Act came into effect, the European Union used it to open an investigation into made-in-China social network TikTok. European Commissioner Thierry Breton delivered news of the probe in a Xeet that revealed the investigation will consider "Suspected breach of transparency & obligations to protect minors."

Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was "Necessary" to combat terrorism in a democratic society. To back up this claim, the government pointed to a 2017 terrorist attack that was "Coordinated from abroad through secret chats via Telegram." The government claimed that a second terrorist attack that year was prevented after the government discovered it was being coordinated through Telegram chats.

The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria. ENISA is grateful for the guidance and support from Member States via the European Cybersecurity Certification Group and for the contributions of the Stakeholder Cybersecurity Certification Group.

In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As well as the App Store changes, Apple will prompt iOS users in the EU to select a preferred browser instead of defaulting to Safari in accordance with the DMA. These changes will come with iOS 17.4 in the EU in March. In response, Apple built new options for iOS, Safari on iOS, the App Store and developer app analytics.

Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act compliance in the European Economic Area to allow European users to uninstall all apps in Windows by March 6. The KB5034203 is a monthly non-security optional cumulative update that enables Windows administrators to try out fixes and improvements that will come with the February 2024 Patch Tuesday release.

Basically, everyone who believes in a free and safe internet is speaking out against eIDAS. The unintended consequences of the bill are so great that Mozilla recently shared an open letter co-signed by a raft of internet companies concerned that eIDAS will make the internet less secure. Mozilla warned in a separate statement that any EU government could "Issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state."

As Cyber Solidarity Act edges closer to full adoption in Europe The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase...

Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software. The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority in July. The European watchdog's 27 October urgent binding decision instructs Ireland's Data Protection Commission to ban the processing of personal data for behavioral advertising across the entire European Economic Area within two weeks.

The EU General Data Protection Regulation is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise or business safe from unauthorized access or use. Failure to do so, would be a costly oversight on their part, as the penalties associated with the GDPR are severe and are applied across international borders at the discretion of the EU data protection authorities.