Tag: law
-
Dark Patterns, Children’s Data and Corporate Fiduciary Risk
How UX Decisions Are Becoming Regulatory Liabilities for CISOs. Children’s data is entering a new regulatory era where dark patterns, defaults and monetization choices can signal breached fiduciary duty. As privacy, safety and consumer laws converge globally, CISOs must treat manipulative UX, consent flows and retention practices as core security and governance risks. First seen…
-
Cloudflare Says ‘Non C’è Modo’ (No Way) In Defiance of Italy Piracy Shield Law
Italian authorities have fined Internet security company Cloudflare $16.3 as a result of the content delivery network specialist’s refusal to block access to pirate sites on its 1.1.1.1 DNS service. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/cloudflare-says-non-ce-modo-no-way-in-defiance-of-italy-piracy-shield-law/
-
Notorious BreachForums hacking site hit by ‘doomsday’ leak of 324,000 criminal users
Tags: access, breach, crime, cyber, cybercrime, dark-web, data, data-breach, email, extortion, group, hacking, intelligence, law, leak, password, penetration-testing, ransomware, risk, service, threat
Have I Been Pwned, the data breach happened last August, two months before the police takedown of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers. This tallies with the August 11 date on the database leaked last week; that was the…
-
Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult
No matter what new laws or regulations make the cut for 2026, it’s clear that compliance challenges will persist and federal legislation will be limited. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/navigating-privacy-and-cybersecurity-laws-in-2026-will-prove-difficult
-
Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network
Europol announced the arrest of 34 suspected Black Axe members in Spain during a joint operation with Spanish and European law enforcement. Europol announced the arrest of 34 suspects in Spain linked to the Black Axe criminal network, following a joint operation by Spanish police, Bavarian authorities, and Europol, with most arrests in Seville. “The…
-
Researchers Uncover 28 Unique IPs and 85 Domains Hosting Carding Markets
Between July and December 2025, cybersecurity firm Team Cymru conducted an extensive analysis of carding infrastructure, revealing a sophisticated network comprising 28 unique IP addresses and 85 domains that actively host illicit carding markets and forums. The research employed technical fingerprinting methods crucial for financial institutions, law enforcement agencies, and fraud fusion centers working to…
-
EU’s Chat Control could put government monitoring inside robots
Cybersecurity debates around surveillance usually stay inside screens. A new academic study argues that this boundary no longer holds when communication laws extend into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/12/eu-chat-control-robots-surveillance/
-
CCPA Compliance Checklist for 2026: What You Need to Know
Key Takeaways: The California Consumer Privacy Act (CCPA) is California’s primary privacy law governing how businesses collect, use, disclose, and protect personal information about California residents. Since its introduction, the law has steadily evolved, expanding both the rights granted to individuals and the expectations placed on organizations that handle personal data. The CCPA law gives…
-
Zero-Knowledge Compliance: How Privacy-Preserving Verification Is Transforming Regulatory Technology
Traditional compliance often forces companies to expose sensitive information to prove they follow the rules. This approach increases the risk of breaches and raises severe privacy concerns. With rising regulatory pressure and stricter data sovereignty laws, more organizations are exploring zero-knowledge frameworks as a safer alternative. Zero-knowledge proofs (ZKPs) allow businesses to prove adherence without…
-
‘Elon Musk is playing with fire:’ All the legal risks that apply to Grok’s deepfake disaster
There are legal tools in place to curb what’s happening on X, but the incident will be precedent-setting for how these laws and regulations are wielded for AI-generated images. First seen on cyberscoop.com Jump to article: cyberscoop.com/elon-musk-x-grok-deepfake-crisis-section-230/
-
US announces withdrawal from dozens of international treaties
Although the list does not include what are perceived to be the more consequential multilateral bodies shaping global cyber governance and state behaviour in cyberspace, some of the organizations play a role in shaping international law broadly. First seen on therecord.media Jump to article: therecord.media/us-announces-withdrawal-from-dozens-international-orgs
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust
“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
The nation’s strictest privacy law just took effect, to data brokers’ chagrin
Californians can now submit demands requiring 500 brokers to delete their data. First seen on arstechnica.com Jump to article: arstechnica.com/tech-policy/2026/01/data-broker-hoarding-is-rampant-new-law-lets-consumers-fight-back/
-
Convicted Bitfinex bitcoin launderer freed from prison, thanks Trump law
Tags: law
Ilya Lichtenstein was supposed to serve five years after being sentenced in late 2024. First seen on cyberscoop.com Jump to article: cyberscoop.com/bitfinex-hacker-ilya-lichtenstein-early-release-first-step-act/
-
How the Organizational Risk Culture Standard can supercharge your cybersecurity culture
Tags: automation, ceo, communications, compliance, control, cyber, cybersecurity, data, detection, email, finance, framework, group, guide, intelligence, law, metric, nist, phishing, ransomware, RedTeam, resilience, risk, tool, update
The 10 dimensions, translated for cybersecurity: The ORCS framework defines ten dimensions. Treat them as a system. Each one is distinct; together they are complete. Leadership & governance. Leaders set the tone, model the behavior and anchor accountability. If leaders treat cyber as only an IT issue, everyone else will, too. When leaders make risk-informed…
-
Disney Fined $10M for Violating Children’s Privacy Laws on YouTube
Disney agrees to a $10M settlement with the DOJ and FTC over YouTube privacy violations. Learn how the COPPA ruling affects kids’ data and Disney’s new rules. First seen on hackread.com Jump to article: hackread.com/disney-fine-violating-children-privacy-laws-youtube/
-
ManageMyHealth Provides Update on Ongoing Cyberattack Investigation
Manage My Health (MMH) has released a detailed update on the ongoing investigation following a cyberattack that was first reported on 30 December 2025. The ManageMyHealth hack has affected a portion of the organization’s user base, prompting urgent responses from MMH, Health New Zealand, and law enforcement agencies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/managemyhealth-hack-explained/
-
California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance
How California’s groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management, and why your SSO infrastructure matters more than ever. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-platform-launches-what-enterprise-b2b-saas-companies-need-to-know-about-data-deletion-compliance/
-
Resecurity Caught ShinyHunters in Honeypot
Resecurity caught ShinyHunters (SLH) using decoy accounts; the group attacked airlines, telecoms, and law enforcement in Sept 2025. In an interesting development, Resecurity has caught actors known as “ShinyHunters” or “Scattered Lapsus$ Hunters
-
A Week That Set the Tone for 2026: Cyber Laws, Breaches, and Disinformation
This week, The Cyber Express takes a closer look at the events shaping the global cybersecurity landscape as we transition from 2025 to 2026. Throughout this week, we covered new cybersecurity laws, insider jobs involving ransomware, AI-driven disinformation, and data protection enforcement. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-jan-2026/
-
How to Do a Post-Incident Review
Post-incident reviews can help draw the right lessons from security incidents, provided they are set up correctly. Suppose your company is attacked by cybercriminals but gets off lightly, because the attack was detected and repelled late but still in time, without major business impact. Simply carrying on as before now and the…
-
TDL 012 – The Architect of the Internet on the Future of Trust
Summary: In this episode of The Defenders Log, Paul Mockapetris, the architect of DNS, discusses the evolving role of the Domain Name System from a simple directory to a sophisticated security tool. He posits that modern networking requires “making sure DNS doesn’t work when you don’t want it to,” comparing DNS filtering to essential services…
-
Reducing Cyber, Privacy Risks in Healthcare Sector M&As
Healthcare sector mergers and acquisitions dramatically amplify cybersecurity and data privacy exposure for potential buyers and sellers, said attorney Jonian Rafti of law firm Proskauer. But there are critical steps entities can take to reduce those risks, he said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/reducing-cyber-privacy-risks-in-healthcare-sector-mas-i-5513
-
Implementing NIS2, without getting bogged down in red tape
Tags: access, ai, automation, backup, bsi, business, cloud, compliance, control, data, detection, email, encryption, iam, identity, incident response, infrastructure, law, least-privilege, metric, monitoring, network, nis-2, regulation, saas, sbom, service, siem, soc, software, startup, supply-chain, technology, threat, tool, update, vulnerability, vulnerability-management, zero-day
IT in transition: From text documents to declarative technology: NIS2 essentially requires three things: concrete security measures; processes and guidelines for managing these measures; and robust evidence that they work in practice. Process documentation, that is, policies, responsibilities, and procedures, is not fundamentally new for most larger companies. ISO 27001-based information security management systems, HR processes, and…
-
Interpol sweep takes down cybercrooks in 19 countries
Tags: access, antivirus, attack, botnet, business, china, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, encryption, finance, fraud, group, incident response, infrastructure, intelligence, international, interpol, law, malicious, malware, microsoft, ransomware, russia, scam, service, theft, threat
A ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams. The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size…
-
Sprawling ‘Operation Sentinel’ Neutralizes African Cybercrime Syndicates
Interpol said law enforcement across 19 countries made 574 arrests and recovered $3 million, against a backdrop of spiraling cybercrime in the region, including business email compromise, digital extortion, and ransomware schemes. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/operation-sentinel-african-cybercrime-syndicates
-
INTERPOL Dismantles Six Ransomware Operations, Detains 500+ Individuals
Law enforcement agencies across 19 countries have made a significant breakthrough in combating cybercrime, arresting 574 suspects and recovering approximately USD 3 million during a month-long coordinated operation across Africa. The crackdown underscores the escalating threat of ransomware, business email compromise (BEC), and digital extortion schemes plaguing the continent. Operation Sentinel, conducted from October 27…
-
Why outsourced cyber defenses create systemic risks
Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trust
Risk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks: The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…

