Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware
At least seven more Russian, Belarusian, Latvian, and Israeli journalists and activists have been targeted with Pegasus within the EU.
Russia Steps Up a Covert Sabotage Campaign Aimed at Europe
Russian military intelligence, the G.R.U., is behind arson attacks aimed at undermining support for Ukraine’s war effort, security officials say.
To the Moon and back(doors): Lunar landing in diplomatic missions
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
Safari Flaw Can Expose iPhone Users in the EU to Tracking
Apple's implementation of installing marketplace apps from Safari is heavily flawed and can allow a malicious marketplace to track users across websites
Cyber: Statement by the High Representative on behalf of the EU on continued malicious behaviour in cyberspace by the Russian Federation - Consilium
The EU issued a statement strongly condemning the malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia.
Baltic countries blame Russia for GPS jamming of commercial flights
State officials from Lithuania and Estonia are among those raising the alarm about Russian interference with navigation signals.
France seeks new EU sanctions to target Russian disinformation
A draft proposal, offered ahead of European elections in June, reportedly would allow the EU to impose tougher restrictions on individuals and entities involved in Russia-backed influence operations worldwide.
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns
RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
The Open Source Community is Building Cybersecurity Processes for CRA Compliance
tl;dr – Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation, and Eclipse Foundation are jointly announcing…
Serious security breach hits EU police agency
Disappearance of sensitive files of top law enforcement officials has sparked a crisis at Europol.
EU bans anonymous crypto payments to hosted wallets
In a recent regulatory development, the European Union (EU) has voted to ban cryptocurrency payments to "hosted wallets" using unidentified self-custody crypto wallets.
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns
RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
Loi sur l’IA
La loi sur l’IA est le tout premier cadre juridique en matière d’IA, qui traite des risques liés à l’IA et positionne l’Europe pour qu’elle joue un rôle de premier plan à l’échelle mondiale.
World’s first major act to regulate AI passed by European lawmakers
The European Union Parliament on Wednesday approved the world's first major set of regulatory ground rules to govern the mediatized artificial intelligence at the forefront of tech investment.
La Commission se félicite de l'accord politique obtenu sur le règlement relatif à la cybersolidarité
La Commission se félicite de l'accord politique auquel le Parlement européen et le Conseil sont parvenus la nuit dernière concernant le règlement sur la cybersolidarité, proposé par la Commission en avril 2023. Le règlement sur la cybersolidarité renforcera la solidarité au niveau de l'UE afin de mieux détecter les menaces et incidents de cybersécurité, de mieux s'y préparer et de mieux y réagir. Cet accord intervient à un moment crucial pour la cybersécurité de l'UE, étant donné que le paysage des cybermenaces dans l'UE continue d'être affecté par les événements géopolitiques.
Cyber Solidarity Act : qui va constituer le « bouclier cyber » européen ?
Le Cyber Solidarity Act ouvre la voie à une infrastructure paneuropéenne de SOC. Quels acteurs - français, notamment - se sont positionnés ?
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
On 26 February, EDRi and its partners Global Witness, Gesellschaft für Freiheitsrechte and Bits of Freedom have submitted a complaint to the European Commission regarding a potential infringement of the Digital Services Act (DSA). Specifically, we have raised concerns that LinkedIn, a designated Very Large Online Platform (VLOP) under the DSA, infringes the DSA’s new prohibition of targeting online adverts based on profiling using sensitive categories of personal data such as sexuality, political opinions, or race.
European Parliament finds spyware on defense committee members’ phones
Officials handling security and defense issues were the target of phone hacking, internal email says.
Anatsa Banking Trojan Resurfaces, Targets European Banks
ThreatFabric said the campaign has evolved since last year, employing sophisticated methods and mainly targeting Samsung devices
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns
RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
Imposer aux messageries de donner leurs clés pour déchiffrer les messages est illégal, estime la CEDH
La Cour européenne des droits de l’homme a donné raison à un utilisateur de l’application Telegram visé par une demande du FSB, le service de sécurité intérieure russe. La décision pourrait avoir un impact sur certaines lois en cours de discussion en Europe.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FUL2BEB656RIBDAFR4NFQG6BW6U.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
European Commission to open investigation into TikTok, Bloomberg reports | Reuters
the European Commission will open an investigation into TikTok in the coming weeks over concerns that changes the firm made to comply with the bloc's Digital Services Act (DSA) were not enough to protect under-age users, Bloomberg News reported on Friday. TikTok has not received notice from the European Commission of an investigation and is in regular dialogue with European Union authorities, a spokesperson told Reuters when asked about the Bloomberg report. The EC declined to comment.
Porsche To Kill ICE-Powered Macan In Europe Over Cybersecurity Laws | Carscoops
Porsche's best-selling model will be discontinued from markets within the European Union in spring of 2024