
NIS Directive: Who are the Operators of Essential Services (OES)?

Work for a bank or ISP? Systems going down because of attacks, or negligence, or both? Congratulations, NIS applies to you...: The NIS Directive does not define explicitly which entities are to be considered as OES under its scope. Instead, it provides criteria that Member States need to apply in order to carry out an identification process to determine which enterprises will be considered operators of essential services and therefore subject to the obligations under the Dir

End-to-end encryption means Huawei bans are about availability, not interception

If I understand this volte-face correctly, the guy that wanted encryption banned is also saying that end-to-end encryption mitigates the risk of interception by bad actors?... [...] The former Australian Prime Minister also addressed the ban on Huawei he introduced, and echoed thoughts he expressed in March last year, that a threat is the combination of capability and intent, and while capability takes years to create, intent can change instantly. "It's not a question of

Europe’s privacy overhaul has led to $126 million in fines — but regulators are just getting started

If you haven't got your privacy position sorted yet, I hope your business has deep pockets/an understanding insurance provider...: The European Union’s overhaul of data privacy regulation is estimated to have generated 114 million euros ($126 million) in fines since it was introduced almost two years ago. Since its implementation in May 2018, the General Data Protection Regulation (GDPR) led to over 160,000 data breach notifications across Europe, according to research fr

Mitsubishi Electric reports cyber-attack

6 months ago!...: Mitsubishi Electric says it suffered a cyber-attack last year that may have compromised personal and corporate data. The company is engaged in businesses ranging from household appliances to communications, space and defense. The electronics giant says the hacking came to light after an in-house terminal showed suspicious movements last June. The company did not identify any suspects for the unauthorized access. Mitsubishi says it confirmed there was

New Attack Campaigns Suggest Emotet Threat Is Far From Over

There's life in the old dog yet...: Cisco Talos on Thursday reported seeing increased Emotet activity targeting US military domains and domains belonging to state and federal governments. According to the vendor, the operators of Emotet appear to have successfully compromised accounts of one or more people working for or with the US government and sent out spam emails containing the malware to their contacts. The result was a rapid increase in the volume of messages conta

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix …

I've seen some great exploits published over the past few hours but, just a reminder, the sky is not falling in just yet...: [...] One proof-of-concept code sample available to all is a tiny package of just 50-or-so lines of Python. Despite the ease with which the exploit is able to do its work, the author, Yolan Romailler at Swiss security shop Kudelski, said people shouldn't panic over the network traffic eavesdropping aspect of CVE-2020-0601: a snoop has to be able to in

Critical Cisco Flaws Now Have PoC Exploit

If you're a network admin, I suspect I might know what you're doing this weekend...: Proof-of-concept exploit code has been published for critical flaws impacting the Cisco Data Center Network Manager (DCNM) tool for managing network platforms and switches. The three critical vulnerabilities in question (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) impact DCNM, a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisc

Spy probe shakes up Brussels lobbying culture

Just a reminder that 'old-fashioned' espionage still goes on...: News of an investigation into a former senior EU diplomat suspected of spying for China is sending shockwaves through Brussels’ closely interlinked circles of lobbyists, officials and politicians. While no one has been charged in the probe in Germany and Belgium, officials and lobbyists in the EU capital are already discussing the potential impact of the bombshell revelation that an EU veteran employed by a

Companies Hit By Iranian Cyberattacks May Not Have Insurance Coverage

Good advice...: [...] So here are a few tips for entities purchasing cyber insurance if they really want to make sure that they have the coverage that they think they have. First, negotiate the removal of the exclusion. I’m not sure that an “act of war” exclusion applies to DDoS, ransomware or other kinds of cyberattacks as a matter of public policy. In fact, it is precisely these kinds of attacks that the insured is buying insurance to cover. Second, if the insurer wo