Category Archives: Europe

GDPR quick guide: Why non-compliance could cost you big

If you conduct business in the EU, offer goods or services to, or monitor the online behavior of, EU citizens, then the clock is ticking. You only have a few more months – until May – to make sure your organization complies with GDPR data privacy regulations. Failure to abide by GDPR means you could get hit with huge fines. Finding and investigating data breaches: Why it’s always too little, too late Personal data protection … More

German court says Facebook use of personal data is illegal

Facebook’s default privacy settings and some of its terms of service fall afoul of the German Federal Data Protection Act, the Berlin Regional Court has found. By not adequately securing the informed consent of its users, Facebook’s use of personal data is illegal – and so is the social network’s “real-name” clause, as the German Telemedia Act says that providers of online services must allow users to use their services anonymously or by using a … More

Data of 800,000 Swisscom customers compromised in breach

Swisscom, the biggest telecom company in Switzerland, has suffered a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. “The data accessed included the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers; contact details which, for the most part, are in the public domain or available from list brokers,” the company explained. The data … More

HITB Security Conference in Amsterdam is all about advanced research

The agenda for Day 2 of the 9th annual HITB Security Conference in The Netherlands has been announced with even more advanced research including new sandbox evasion techniques, a groundbreaking method for establishing covert channels over GSM mobile networks, a tool for backdooring cars and much more. Reference This: Sandbox Evasion Using VBA Referencing The sandbox, last line of defense for many networks, isn’t what it used to be. This talk shows how attackers … More

Why developing an internal cybersecurity culture is essential for organizations

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. Understanding the dynamics of cybersecurity culture The Cybersecurity Culture in Organisations report is based on multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of … More

UK data protection authority issues record fines

Since August 2015, the UK’s independent authority, the Information Commissioner’s Office, has fined 104 organisations a total of £8.7 million for breaches in data security and anti-spam regulations. Every month the UK body releases detailed information on which companies have been issued with fines for breaking the regulations. The figures for January reveal that they are ramping up the pressure still further on companies that break the rules by issuing record fines for the month. … More

Investigation uncovers Luminosity Link RAT distributors, victims are in the thousands

A hacking tool allowing cybercriminals to remotely gain complete control over a victim’s computer is no longer available as a result of a UK-led operation targeting hackers linked to the Remote Access Trojan (RAT) Luminosity Link. Coordinated by the UK National Crime Agency with the support of Europol, this operation saw the involvement of over a dozen law enforcement agencies in Europe, Australia and North America. Once installed upon a victim’s computer, a user of … More

7 steps for getting your organization GDPR-ready

While the EU has had long-established data protection standards and rules, its regulators haven’t truly commanded compliance until now. Under the General Data Protection Regulation (GDPR), financial penalties for data protection violations are severe – €20 million (about $24.8 million USD) or 4 percent of annual global turnover (whichever is higher), to be exact. What’s more, GDPR does not merely apply to EU businesses, but any organization processing personal data of EU … More

Authentication today: Moving beyond passwords

A new global study from IBM Security examining consumer perspectives around digital identity and authentication, found that people now prioritize security over convenience when logging into applications and devices. Authentication methods perceived as most secure (global perspective) Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security. With millennials quickly becoming the … More

Human trafficking victims forced to defraud Chinese computer users

Late last week, the Croatian police executed a coordinated raid on two houses where 59 individuals were confined and forced into defrauding Chinese and Taiwanese computer and smartphone users through a police-ransom type of scheme. According to an announcement by the Croatian Ministry of the Interior, the raids were the result of a months-long joint investigation with the Slovenian National Police and a collaboration with the People’s Republic of China’s police force. The 59 individuals – mostly from … More

GDPR: Whose problem is it anyway?

With the GDPR deadline looming on May 25, 2018, every organization in the world that transmits data related to EU citizens is focused on achieving compliance. And for good reason. The ruling carries the most serious financial consequences of any privacy law to date – the greater of 20 million EUR or 4 percent of global revenue, potentially catastrophic penalties for many companies. Compounding matters, the scope and complexity of GDPR extends beyond cyber security, … More

HITB Security Conference in Amsterdam to feature innovative research on attack and defense topics

The agenda for Day 1 of the 9th annual HITB Security Conference in The Netherlands has been announced and it’s packed with cutting-edge research on a range of attack and defense topics from cryptocurrencies to fuzzing and more. Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) In this presentation, Daniel Bohannon, a Senior Applied Security Researcher with MANDIANT’s Advanced Practices group, will dive deep into cmd.exe’s multi-faceted obfuscation opportunities beginning with … More

Why GDPR will drive a best practice approach

When GDPR was first discussed, many feared that it would force businesses to act more insular and become more defensive about their data. Some even believed there would be a counter-movement against the cloud with organisations taking back data into their internal systems. Thankfully, the reality has been very different. Instead, we’ve seen a new willingness to work together with partners and specialist cloud providers. Now it looks likely that this collaboration will help to … More