Security News

A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States countries. Cisco Talos reports having evidence of YoroTrooper exfiltrating large volumes of data from infected endpoints, including account credentials, cookies, and browsing histories.

With the EU Cyber Resilience Act, the industry is dealing with one of the strictest regulatory requirements. There are hardly any established procedures for this: "Among other things, the EU Cyber Resilience Act will require a cyber risk assessment before a product is put on the market. All manufacturers must start now to integrate the upcoming requirements into their product development, as the development of new products and variants often takes many months and years," says Jan Wendenburg, CEO of ONEKEY. Documentation requirements and the need for a SBOM. In addition to security measures against unauthorised access, companies will also be required to manage software vulnerabilities and patches in the future - before damage is caused by exploitable vulnerabilities.

Lawmakers in the European Parliament have urged the European Commission not to issue the "Adequacy decision" needed for the EU-US Data Privacy Framework to officially become the pipeline for data to freely flow from the EU to the States. European rules around privacy, data collection, and data subjects' rights are considerably stronger than those in America, hence the need for rules of engagement that make US companies' treatment of EU data as good as what they'd get at home.

The cybersecurity skills shortage is a global problem, but each region - including Europe or, more specifically, the EU - has distinct problems it has to tackle to solve it. The cybersecurity skills shortage is still a huge problem for global organizations.

In the last few weeks alone, among others, a leading German children's food manufacturer and a global Tier1 automotive supplier, headquartered in Germany, were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023.

Google is calling EU cybersecurity foundersGoogle announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. Rackspace ransomware attack was executed by using previously unknown security exploitThe MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.

Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. The three-month program, announced last fall, will start in April and connect the finest of Google with the top European cybersecurity firms.

"The DPC corresponded with Twitter International Unlimited Company in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance," the Irish privacy regulator said on Friday. Twitter's lead EU watchdog wants to determine if Twitter has complied with its obligation as a data controller regarding the processing of users' data and if it infringed any General Data Protection Regulation or Data Protection Act 2018 provisions.

Microsoft has confirmed that from the beginning of 2023, it will introduce an EU Data Boundary solution designed to help customers in the European Union and the European Free Trade Association comply with legislation including the General Data Protection Regulation. From January 1st, the Redmond tech monster promises to give customers the ability to store and process their customer data within the EU Data Boundary for Microsoft 365, Azure, Power Platform and Dynamics 365 services.

The signature of a US Executive Order by President Biden on 7 October 2022, along with the regulations issued by US Attorney General Merrick Garland, agreed that access to personal data from Europe by US intelligence agencies would be limited to what is necessary and proportionate to protect national security. Under the Cloud Act, US law enforcement authorities can request personal data from US-based technology companies, regardless of the data's location, and this has been one of the key reasons data sharing with America is viewed as potentially not complying with EU privacy rules.