Tag: law
-
Operation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service Domains
A major international law enforcement campaign has hit the DDoS-for-hire ecosystem, warning more than 75,000 suspected users and disrupting the infrastructure that helped power online attacks around the world. Backed by Europol, Operation PowerOFF brought together authorities from 21 countries in a coordinated action week on 13 April 2026. The operation resulted in four arrests,…
-
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals.The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to First seen on…
-
The need for a board-level definition of cyber resilience
Tags: awareness, business, cisa, compliance, control, crime, cyber, cybercrime, cybersecurity, detection, finance, framework, governance, law, metric, regulation, resilience, risk, risk-analysis, risk-management, service, supply-chain, technologyWhere the literature converges: Organizational outcomes vs. policy and controls It’s consistently agreed that cyber resilience should be tied to organizational outcomes rather than technical controls and policies. Rather than focusing on metrics such as mean time to detection or number of security controls, organizational cyber resilience needs to evaluate levels of business continuity, preservation…
-
CYBERUK ’26: UK lagging on legal protections for cyber pros
Ahead of next week’s CYBERUK conference, the CyberUp Campaign for reform of the UK’s hacking laws urges the government to keep focus, and proposes a four-pillar framework that would protect cyber professionals from prosecution. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641875/CYBERUK-26-UK-lagging-on-legal-protections-for-cyber-pros
-
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/audit-big-tech-ignores-data-collection-requests
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
US, UK and Canada disrupt $45M crypto theft in Operation Atlantic
US, UK and Canada ran Operation Atlantic, uncovering $45M in crypto theft and freezing $12M to return to victims. An international law enforcement operation from the US, UK and Canada, codenamed Operation Atlantic, has targeted large-scale cryptocurrency theft schemes. Authorities identified more than $45 million in stolen digital assets and successfully froze around $12 million.…
-
W3LL phishing service sold for $500 dismantled by the FBI
The W3LL phishing kit, a cybercrime tool used to impersonate legitimate login pages and steal usernames and passwords, has been dismantled by the FBI and Indonesian law … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/fbi-w3ll-phishing-kit-takedown/
-
Best of the Worst: Five Attacks That Already Knew Your Name
<div cla TL;DR This week’s Attack of the Day posts revealed a clear shift from volume to precision. A phishing PDF auto-launched a credential harvest page the instant it opened, no click required. A QR code inside another PDF had the target’s email address pre-encoded in base64, so the landing page pre-filled the victim’s username…
-
FBI, Indonesia take down W3LL phishing tool
A widely used phishing tool that allowed hackers to create fake websites that looked like legitimate login portals for just $500 was disrupted by the FBI and law enforcement agencies in Indonesia. First seen on therecord.media Jump to article: therecord.media/phishing-takedown-indonesia-fbi
-
$12 million frozen, 20,000 victims identified in crypto scam crackdown
More than $12 million has been frozen, and over 20,000 victims have been identified in an international law enforcement operation targeting cryptocurrency and investment … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/13/crypto-scam-crackdown-12-million-frozen/
-
Citizen Lab: Webloc tracked 500M devices for global law enforcement
Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a surveillance tool called Webloc to track devices via advertising data, potentially affecting up to 500…
-
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement action led by the U.K.’s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-identifies-20-000-victims-in-international-crypto-fraud-crackdown/
-
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
When Privacy Laws Force You to Know Too Much: The Perverse Incentives of Age Verification Regimes
How modern age-verification laws, like the California Digital Age Assurance Act, dismantle the principle of data minimization by mandating the collection of sensitive personal data, effectively turning “don’t know” into “must know” and knowledge into liability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/when-privacy-laws-force-you-to-know-too-much-the-perverse-incentives-of-age-verification-regimes/
-
Britain seeks views before it drops the hammer on signal jammers
Four-week call for evidence intended to help shape laws aimed at devices linked to crime First seen on theregister.com Jump to article: www.theregister.com/2026/04/10/signal_jammer_consultation/
-
Cryptohack Roundup: Bithumb’s Recovery Plan
Also: Cambodia Moves to Combat Online Scam Networks. Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Bithumb’s recovery plan, Circle criticized, a new Cambodian law to combat online scam networks, Bitcoin Depot hack, panic after Stabble’s alleged North Korea link and HypurrFi’s domain hijack. First seen on govinfosecurity.com Jump to article:…
-
Massive Data Breach Exposes 337K LAPD-Linked Records
A massive breach exposed 337K LAPD-linked files, raising concerns over third-party risk, sensitive data exposure, and law enforcement cybersecurity gaps. The post Massive Data Breach Exposes 337K LAPD-Linked Records appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lapd-data-breach-337k-files-exposed/
-
The 2026 Digital Omnibus
For the better part of a decade, doing business under EU digital law has been challenging, with DDPR, ePrivacy updates, the NUS2 Directive, the AI and Data Acts, and others coming in rapid succession. For organizations already investing heavily in compliance frameworks like CMMC, the prospect of layering on yet another set of requirements has”¦…
-
Japan relaxes privacy laws to make itself the ‘easiest country to develop AI’
Opting out of personal data use won’t be an option because Minister says that’s a ‘very big obstacle’ to AI adoption First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/japan_privacy_law_changes_ai/
-
France Limits Chinese-Made Solar Energy Components
Paris Backs Protectionism and Cybersecurity Requirements to Keep Out Chinese Firms. France is saying non to Chinese photovoltaic components through a mix of protectionism and cybersecurity requirements as it readies a government-backed program of new solar energy projects. Chinese cybersecurity laws require firms to share key information and generally cooperate with Beijing. First seen on…
-
How botnet-driven DDoS attacks evolved in 2H 2025
Tags: ai, attack, botnet, dark-web, ddos, defense, dns, finance, government, group, infrastructure, intelligence, international, Internet, iot, jobs, law, LLM, mitigation, network, resilience, risk, service, strategy, tactics, threat, tool, usa, vulnerabilityMassive attack capacity: Demonstration attacks peaked at 30Tbps and 4 gigapackets per second, primarily launched by Internet of Things (IoT) botnets such as Aisuru and TurboMirai variants.AI integration: The use of AI, including dark-web large language models (LLMs), moved from emerging trend to operational reality, making sophisticated attacks accessible to a wider range of threat actors.Persistent threat…
-
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
-
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
-
The rise of proactive cyber: Why defense is no longer enough
Tags: attack, breach, ciso, control, country, cyber, cybersecurity, defense, framework, google, government, hacking, infrastructure, intelligence, korea, law, microsoft, network, north-korea, risk, threat, toolWhat ‘proactive cyber’ means: Despite the more aggressive language, this shift toward private-sector involvement doesn’t envision vigilante-style payback by aggrieved organizations. It instead embraces a more systematic effort to interfere with adversaries earlier in the attack chain using authorities and capabilities that already exist.”To be clear, this is not hacking back,” Joyce said. “This is…
-
Child Safety at Risk as EU CSAM Detection Law Lapses, Reporting Concerns Rise
A growing surge in CSAM (Child Sexual Abuse Material) circulating online has become an urgent concern for authorities and child protection organizations across the EU. As digital platforms continue to play a central role in communication, the challenge of tackling child sexual exploitation has intensified. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/eu-csam-law-gap-child-sexual-exploitation-risk/
-
New Mexico’s Meta Ruling and Encryption
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice. One of the key pieces…
-
Big tech vows to continue CSAM scanning in Europe despite expiration of law allowing it
Microsoft, Google, Meta and Snapchat released a statement on Friday saying they “reaffirm their continued commitment to protecting children and preserving privacy, and will continue to take voluntary action” to complete the scans. First seen on therecord.media Jump to article: therecord.media/big-tech-vows-to-continue-csam-scanning