Security News
The EU General Data Protection Regulation is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise or business safe from...
84% of financial institutions have been exposed to a fourth-party breach - illustrating how a vast web of unseen risks are hiding in plain sight. "If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it's likely that the overall cyber resilience for other financial entities is actually much lower," said Matthew McKenna, Chief Sales Officer, SecurityScorecard.
Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court, to which EU individuals will have access.
European commissioner Thierry Breton wants Huawei and ZTE barred throughout the EU, and revealed plans to remove kit made by the Chinese telecom vendors from the Commission's internal networks. There are concerns that backdoors in Huawei equipment could allow China to spy on foreign nations, given Chinese law requires local businesses to share info with Beijing.
The Irish Data Protection Commission has announced a $1.3 billion fine on Facebook after claiming that the company violated Article 46(1) of the GDPR. More specifically, it was found that Facebook transferred data of EU-based users of the platform to the United States, where data protection regulations vary per state and have been deemed inadequate to protect the rights of EU data subjects. As a result of the infringement, the DPC imposed a record €1.2 billion fine on Facebook's parent company, Meta Ireland, and requested that all data transfers that violate the GDPR be suspended within five months of the decision.
The backdoor malware is deployed in a custom and malicious firmware designed specifically for TP-Link routers so that the hackers can launch attacks appearing to originate from residential networks. While Check Point has not determined how the attackers infect TP-Link routers with the malicious firmware image, they said it could be by exploiting a vulnerability or brute-forcing the administrator's credentials.
Cloud services providers that aren't based in Europe - like the Big Three - may have to team up with a cloud that is operated and maintained from the EU if they want ENISA's stamp of approval for handling sensitive data. ENISA, the European Union's cybersecurity agency, is currently developing a cybersecurity certification scheme that aims to better protect member-state governments' and businesses' data.
EU MEPs want to start the public body - along with a host of other recommendations contained in a report that landed last night - after the so-called PEGA committee spent over a year looking into the use of Pegasus and equivalent spyware. In April, Citizen Lab and Microsoft both reported that a zero-click exploit allegedly developed by Israeli spyware company QuaDream - called "Reign" - was used to deliver spyware on devices running Apple's iOS 14 on victims' phones.
The Commission adopted the first designation decisions under the Digital Services Act, designating 17 Very Large Online Platforms and 2 Very Large Online Search Engines that reach at least 45 million monthly active users. Following their designation, the companies will now have to comply, within four months, with the full set of new obligations under the DSA. These aim at empowering and protecting users online, including minors, by requiring the designated services to assess and mitigate their systemic risks and to provide robust content moderation tools.
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service, to widespread attacks targeting NATO and European Union countries. The attackers have targeted diplomatic personnel using spear phishing emails impersonating European countries' embassies with links to malicious websites or attachments designed to deploy malware via ISO, IMG, and ZIP files.