Security News

India's government and the European Union have signed up to create a "Trade and Technology Council" - an entity the EU has previously only created to enhance its relationship with the United States. Details of the Council's scope of operations have not been revealed, but the EU/US version of the entity works on standards for emerging technologies, tech supply chains, information security, data governance, preventing misuse of technology when it threatens security and human rights, and SME access to and use of digital technologies.

The European Union Agency for Cybersecurity publishes a map of national coordinated vulnerability disclosure policies in the EU Member States and makes recommendations. Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union.

Members of the European Parliament from the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties have agreed on adopting draft legislation for more transparent crypto asset transactions. The new rules will cover transactions from private-held cryptocurrency wallets without considering transaction thresholds, which erases any limits for anonymous transactions - previous proposal allowed up to €1000 to be transferred without giving any details about the sender and the recipient.

The China-aligned group tracked as TA416 has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine. According to a new report by Proofpoint, TA416 spearheads cyber-espionage operations against the EU, consistently focusing on this long-term role without reaping opportunistic gains.

The particular provision requires web browsers like Chrome, Safari, and Firefox to accept QWACs, which practically compels browser developers and security advocates to ease their security stance. TLS certificates are vital for the online exchange of sensitive information with websites such as passwords, sensitive uploads, or payment details.

What is Schrems II? Schrems, a former law student, brought the latest edition of the long-running case in 2015, complaining that Ireland's data protection agency still wasn't preventing Facebook Ireland Ltd from beaming his data to the US under Privacy Shield. In July 2020, the EU Court of Justice struck down the so-called Privacy Shield data protection arrangements between the political bloc and the US, triggering a fresh wave of legal confusion over the transfer of EU subjects' data to America.

Ransomware remains a prime threat, putting millions of organizations at risk. An analysis of the rise in major threats is made available in the Agency's 2021 Annual Threat Landscape report.

The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "Unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor said in its preliminary remarks.

Officials from the EU and US are nearing a solution in long-running negotiations over transatlantic data sharing. Previous legal arrangements for sharing data between the two jurisdictions, the so-called Privacy Shield, were struck down by the EU Court of Justice in what became known as the Schrems II ruling in 2020.

PolKit vulnerability can give attackers root on many Linux distrosA memory corruption vulnerability in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges. Attackers connect rogue devices to organizations' network with stolen Office 365 credentialsAttackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering it with their Azure AD. Stealthy Excel malware putting organizations in crosshairs of ransomware gangsThe HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks.