Tag: law
-
Mapping the Emerging Alliance Between Qilin, DragonForce, and LockBit
In mid-September 2025, the ransomware landscape witnessed a significant development when DragonForce announced an alliance with Qilin and LockBit on a Russian underground forum. The announcement, posted on September 15, 2025, claimed the three groups were joining forces to navigate an increasingly challenging criminal ecosystem marked by intensified law enforcement pressure and operational fragmentation. A…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
U.S. Sentencing Commission seeks input on criminal penalties for deepfakes
The commission is asking whether nonconsensual deepfake porn should be classified under U.S. law as harassment, blackmail or sending obscene material to minors. First seen on cyberscoop.com Jump to article: cyberscoop.com/us-sentencing-guidelines-take-it-down-act-deepfake-law/
-
US seizes E-Note crypto exchange for laundering ransomware payments
Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-seizes-e-note-crypto-exchange-for-laundering-ransomware-payments/
-
US seizes E-Note crypto exchange for laundering ransomware payments
Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-seizes-e-note-crypto-exchange-for-laundering-ransomware-payments/
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trustThe Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
UK surveillance law still full of holes, watchdog warns
Tags: lawInvestigatory Powers Commissioner says reforms have failed to close oversight gaps First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/snoopers_charter_loopholes/
-
UK surveillance law still full of holes, watchdog warns
Tags: lawInvestigatory Powers Commissioner says reforms have failed to close oversight gaps First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/snoopers_charter_loopholes/
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
TikTok tracked user’s Grindr activity in violation of European law, rights group alleges
TikTok and the gay dating app Grindr are violating European data protection laws by tracking user activities across apps, a digital rights organization alleges. First seen on therecord.media Jump to article: therecord.media/tiktok-grindr-data-tracking-noyb
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/afripol-focuses-regional-cyber-challenges-deepening-cooperation
-
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership
Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
-
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership
Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
-
Key lawmaker says Congress likely to kick can down road on cyber information sharing law
House Homeland Security Chairman Andrew Garbarino, R-N.Y., also discussed Salt Typhoon, regulations and the cyber workforce Tuesday. First seen on cyberscoop.com Jump to article: cyberscoop.com/congress-cybersecurity-information-sharing-act-extension-2025-andrew-garbarino/
-
AI Laws in the US are all over the place
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/ai-laws-in-the-us-are-all-over-the-place/
-
Texas sues 5 smart TV manufacturers over data collection practices
Texas’ attorney general, who is suing under the Texas Deceptive Trade Practices Act, says ACR technology violates Texas law because of how it collects consumer data without the user’s knowledge or consent. First seen on therecord.media Jump to article: therecord.media/texas-sues-5-smart-tv-makers-over-acr-tech
-
Texas sues 5 smart TV manufacturers over data collection practices
Texas’ attorney general, who is suing under the Texas Deceptive Trade Practices Act, says ACR technology violates Texas law because of how it collects consumer data without the user’s knowledge or consent. First seen on therecord.media Jump to article: therecord.media/texas-sues-5-smart-tv-makers-over-acr-tech
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
Europe’s DMA raises new security worries for mobile ecosystems
Mobile security has long depended on tight control over how apps and services interact with a device. A new paper from the Center for Cybersecurity Policy and Law warns that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/15/eu-dma-mobile-security-risks/
-
New Portuguese Law Shields Ethical Hackers from Prosecution
Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a ‘safe harbour’ from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend. First seen on hackread.com Jump to article: hackread.com/portugal-cybercrime-law-protects-ethical-hackers/
-
New Portuguese Law Shields Ethical Hackers from Prosecution
Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a ‘safe harbour’ from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend. First seen on hackread.com Jump to article: hackread.com/portugal-cybercrime-law-protects-ethical-hackers/
-
UK finally vows to look at 35-year-old Computer Misuse Act
As Portugal gives researchers a pass under cybersecurity law First seen on theregister.com Jump to article: www.theregister.com/2025/12/09/uk_computer_misuse_act/