Cyber-attacks: three individuals added to EU sanctions list for malicious cyber activities against Estonia
The Council imposed restrictive measures on three individuals involved in cyber-attacks against Estonia.
Bolstering the cybersecurity of the healthcare sector
The Commission has presented an EU Action Plan to strengthen the cybersecurity of hospitals and healthcare providers. This initiative is a key priority within the first 100 days of the new mandate, aiming to create a safer and more secure environment for patients. In 2023 alone, EU countries reported 309 significant cybersecurity incidents targeting the healthcare sector – more than any other critical sector. As healthcare providers increasingly use digital health records, the risk of data-related threats continues to rise. Many systems can be affected, including electronic health records, hospital workflow systems, and medical devices. Such threats can compromise patient care and even put lives at risk.
EU law enforcement training agency data breach: Data of 97,000 individuals compromised - Help Net Security
Personal data of nearly 100,000 individuals that have participated in trainings organized by EU CEPOL has potentially been compromised.
Drones, Exploding Parcels and Sabotage: How Hybrid Tactics Target the West
Russia and other hostile states have become increasingly brazen in adopting “gray zone” attacks against Europe and the United States, leaving defense officials with a dilemma: How to respond?
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
Commission opens formal proceedings against TikTok under DSA
Today, the Commission has opened formal proceedings against TikTok for a suspected breach of the DSA in relation to TikTok's obligation to properly assess and mitigate systemic risks linked to election integrity, notably in the context of the recent Romanian presidential elections on 24 November.
Meta fined $263M over 2018 security breach that affected ~3M EU Facebook users
Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the
'Operation Digital Eye' Attack Targets European IT Orgs
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.
Europe’s privacy watchdog probes Google over data used for AI training
Meta and X have already paused some AI training over same set of concerns.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F22512651%2Facastro_210512_1777_deepfake_0003.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Dutch regulator slaps Clearview AI with $33 million fine, threatens executive liability - The Verge
The Dutch Data Protection Authority imposed the largest fine yet against facial recognition company Clearview AI under the GDPR.
Breaking: Meta halts AI rollout in Europe after ‘request’ from Irish data protection authorities
Facebook and Instagram's parent company Meta is pausing its plans to roll our artificial intelligence tools in Europe, following a request from Ireland's Data Protection Commission (DPC), the firm said in a Friday (14 June) blogpost.
Microsoft hit with EU privacy complaints over schools' use of 365 Education suite
Microsoft's education-focused flavor of its cloud productivity suite, Microsoft 365 Education, is facing investigation in the European Union. Privacy
Revealed: Russian legal foundation linked to Kremlin activities in Europe | Russia | The Guardian
Leaked internal documents have exposed the activities of a Russian state-backed legal defence foundation that European intelligence agencies and analysts say is in fact a Kremlin influence operation active in 48 countries across Europe and around the world. Internal documents from the Fund for Support and Protection of the Rights of Compatriots Living Abroad (Pravfond) indicate that the foundation finances propaganda websites targeted at Europeans, helped pay for the legal defence of the convicted arms trafficker Viktor Bout and the assassin Vadim Krasikov, and has employed a number of former intelligence officers as the directors of its operations in European countries.
Europe's cybersecurity chief says disruptive attacks have doubled in 2024, sees Russia behind many
The top European Union cybersecurity official says that disruptive digital attacks have doubled in the 27-member bloc in recent months and election-related services are also being targeted.
TikTok fails 'disinformation test' before EU vote, study shows
Wildly popular social network TikTok approved adverts containing political disinformation ahead of European polls, a report showed Tuesday (4 June), flouting its own guidelines and raising questions about its ability to detect election falsehoods.
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns
RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware
At least seven more Russian, Belarusian, Latvian, and Israeli journalists and activists have been targeted with Pegasus within the EU.
Russia Steps Up a Covert Sabotage Campaign Aimed at Europe
Russian military intelligence, the G.R.U., is behind arson attacks aimed at undermining support for Ukraine’s war effort, security officials say.
To the Moon and back(doors): Lunar landing in diplomatic missions
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
Safari Flaw Can Expose iPhone Users in the EU to Tracking
Apple's implementation of installing marketplace apps from Safari is heavily flawed and can allow a malicious marketplace to track users across websites
Cyber: Statement by the High Representative on behalf of the EU on continued malicious behaviour in cyberspace by the Russian Federation - Consilium
The EU issued a statement strongly condemning the malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia.
Baltic countries blame Russia for GPS jamming of commercial flights
State officials from Lithuania and Estonia are among those raising the alarm about Russian interference with navigation signals.
France seeks new EU sanctions to target Russian disinformation
A draft proposal, offered ahead of European elections in June, reportedly would allow the EU to impose tougher restrictions on individuals and entities involved in Russia-backed influence operations worldwide.
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns
RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
The Open Source Community is Building Cybersecurity Processes for CRA Compliance
tl;dr – Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation, and Eclipse Foundation are jointly announcing…
Serious security breach hits EU police agency
Disappearance of sensitive files of top law enforcement officials has sparked a crisis at Europol.