Security News
The European Parliament's Internal Market and Consumer Protection Committee has adopted the Digital Services Act proposal by 36 votes to 7 and 2 abstentions. The main goal of the DSA is to empower EU regulators to control large internet platforms and impose stricter mechanisms for removing "Fake news" and "Abusive content."
Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe. "As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized," the Cyberpolice Department of the National Police of Ukraine said.
It was reported that the private key used to sign EU Digital Covid certificates was leaked and circulated on messaging apps and online data breach marketplaces. The key was misused to generate certificates for Adolf Hitler, Mickey Mouse, and Sponge Bob that were, for a short time, recognized as valid by official government apps.
The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency. In a new report titled "Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education", academics Jason Nurse and Konstantinos Adamos, together with ENISA's Athanasios Grammatopoulos and Fabio Di Franco, said the European Union needs to get more students signing up for cybersecurity degrees.
The European Commission has taken action to improve the cybersecurity of wireless devices available on the European market. The delegated act to the Radio Equipment Directive adopted today aims to make sure that all wireless devices are safe before being sold on the EU market.
Having struck down Safe Harbor - the agreement governing EU-US data transfers - in 2015, the Court of Justice of the European Union went on to condemn its replacement, the beleaguered EU-US Privacy Shield, to a similar fate just over a year ago. Now, it would be wrong to say that lightning struck a third time - the CJEU did not invalidate SCCs - but the Court did rule, in the same judgment that put an end to the Privacy Shield, that businesses must assess the underlying transfer of data to which the contracts apply.
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU's Green Pass vaccine passports. On Wednesday, the Italian news agency ANSA reported that several underground vendors were selling passes signed with the stolen key on the Dark Web, and that the EU had called "Several high-level meetings" to investigate whether the theft was an isolated incident.
The private key used to sign EU Digital Covid certificates has been reportedly leaked and is being circulated on messaging apps and online data breach marketplaces.This week, users reported seeing the private key for EU Digital Covid certificates circulating on messaging apps, like Telegram.
The EU's new directive will add new provisions regarding how domain registrars collect information from registrants and who will have access to said information. "In order to ensure the availability of accurate, verified and complete domain name registration data, TLD registries and entities providing domain name registration services should be required to collect domain name registration data. They should aim to ensure the integrity and availability of such data by implementing technical and organisational measures, such as a confirmation process for registrants," reads an amendment in a draft of the new EU legislation.
In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called "Ghostwriter." Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and cyberattacked Parliament members, other politicians and government officials, and journalists. It's not the first time the campaign has been attributed to Russia, but on Friday, the EU Council made the link official.