Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
The European Parliament approved Thursday legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.
A financially motivated hacking group has been exploiting a now-patched zero-day vulnerability in the Windows operating system to deliver ransomware. Google Threat Analysis Group attributed the campaign to Magniber ransomware group. Microsoft issued a patch in its March dump of fixes.
The U.K. government says a new national agency will work with the private sector to stymie national security threats including foreign hackers after British intellectual property. In an update to British foreign policy, Prime Minister Rishi Sunak vowed to "push back" against China.
Britain's National Cyber Security Agency is examining TikTok to help the government finalize its decision to ban the Chinese video-sharing app from federal networks, the country’s security minister, Tom Tugendhat, revealed. The agency is looking into the app's ownership and security features.
Business social media platform LinkedIn continues to pay dividends for North Korean hackers, including one group historically concentrated on South Korean targets that has expanded into pursuing security researchers and media industry workers in the West.
The European Central Bank will conduct cyber stress tests to determine banks' resilience against cyberattacks. The tests, which will receive a "significant amount of time and resources," are set to be completed by mid-2024, said Andrea Enria, ECB's top official for oversight.
The British government is proposing modifications to the European privacy law adopted as British law before the U.K. left the EU. Civil society groups warn that changes to the U.K. GDPR could lead to more surveillance. Some tech firms say the government is poised to increase its regulatory burden.
A French law requiring companies to report cyber incidents to authorities within 72 hours or lose their eligibility for cyber insurance reimbursement has practitioners scratching their heads. Global companies with headquarters in France will have the most uncertainty, experts say.
Police in Germany and Ukraine detained two suspected core members of a ransomware criminal group with a track record of attacking hospitals and emergency services. Seized electronics may lead to additional arrests of members of the group, who are accused of spreading DoppelPaymer ransomware.
Chinese APT group Mustang Panda is deploying a previously unseen malware backdoor dubbed MQsTTang as part of a spear-phishing campaign targeting governmental organizations, specifically in Ukraine and Taiwan, security firm Eset says. The malware is currently being spread as RAR files, it adds.
The European agency responsible for overseeing consistent application of privacy law on the continent says it has reservations about the legal framework underpinning commercial trans-Atlantic data flows as the framework moves toward formal acceptance by the European Commission.
A Chinese law requiring mandatory disclosure to the government of vulnerability reports appears to be paying dividends for state-connected hacking. "The Chinese government is up-leveling their capabilities," says Adam Meyers, senior vice president of intelligence at CrowdStrike.
Automaker Tesla revised settings for its in-built cameras after a probe by the Dutch data privacy agency found its default settings enabled illegal recording and retention of data. "Teslas parked on the street were often filming everyone who came near the vehicle," DPA board member Katja Mur said.
The European Commission is preparing a proposal mandating more cooperation among national government agencies charged with enforcing the General Data Protection Regulation. Nationally driven enforcement of the regulation has emerged as a sore point for some during the GDPR's first half decade.
The newly relaunched HardBit 2.0 ransomware group is now demanding victims disclose details of their cyber insurance coverage before negotiating a ransom demand. The group, which has been active since 2022, has demanded that one victim pay $10 million in ransom, according to researchers at Varonis.