
All news with #regulatory action tag


F-Droid: Google developer verification may end project

⚠️ F-Droid warns that Google’s planned Developer Verification rule — requiring identity verification for all developers on certified Android devices starting in 2026 — could effectively end the project and restrict access to many free, open-source apps. F-Droid, which builds reproducible packages, checks for trackers and allows anonymous downloading without accounts, says many open-source authors will refuse to register or pay fees and that F-Droid cannot seize app identifiers on their behalf. Google says sideloading will remain possible for verified developers, with exemptions for hobbyists and no change to Android Studio workflows.

ICO: Imgur UK Exit Will Not Stop Potential Regulatory Fine

⚖️ The ICO has confirmed that Imgur’s decision to block UK access does not absolve the company from scrutiny over alleged past data protection breaches. The regulator issued a notice of intent to fine parent company MediaLab on 10 September and says its findings are provisional while the investigation continues. The concerns relate to potential breaches of the Age Appropriate Design Code, including failures to request or verify ages, lack of high-privacy defaults for children, and serving targeted adverts to minors. The ICO stressed that exiting the UK market is a commercial choice and does not prevent regulatory action for prior infringements.

Government Shutdown Deepens US Cybersecurity Risks

⚠️ The US government shutdown that began on Sept. 30 deepens federal cyber risk by compounding prior spending cuts and workforce reductions. Significant cuts — including roughly $1.23 billion trimmed from civilian cyber budgets and about 1,000 CISA staff fired earlier in July — have already weakened defenses. Agencies have issued contingency plans and will exempt some critical SOCs and intelligence functions, but contractors and broader response capacity face disruption. Adversaries are likely monitoring for opportunities, and the effects will persist even after funding resumes.

CISA 2015 Expires Amid Government Shutdown, Hurdles Loom

🔒 Congress allowed CISA 2015 to lapse on Sept. 30, 2025 amid a US government shutdown, removing statutory liability shields for private-sector cyber threat information sharing. The expiration reduces government visibility into corporate threat data and is likely to make companies and CISOs more cautious about exchanging indicators and defensive measures. Experts urge immediate legal review and expect Congress may pursue a temporary reauthorization, though the timing and duration remain uncertain.

Imgur blocks UK access after ICO signals possible fine

🔒 Imgur has geoblocked access for users in the United Kingdom after the Information Commissioner's Office (ICO) issued a notice of intent on 10 September 2025 to impose a monetary penalty on Imgur's parent, MediaLab, over age-verification and children's data protections under the Online Safety Act. From 30 September 2025 UK visitors cannot log in, view, upload, or see embedded Imgur content on third-party sites. The ICO cautioned that blocking UK traffic does not absolve the company of potential fines while MediaLab may make representations.

FTC Sues Sendit for Alleged Illegal Collection of Child Data

🔔 The FTC has filed a lawsuit against Iconic Hearts Holdings Inc., the operator of Sendit, and its CEO Hunter Rice, alleging unlawful collection of personal data from users under 13 and deceptive subscription practices. The complaint claims Sendit collected phone numbers, birthdates, photos, and social media usernames without parental consent, created fake anonymous messages (some deliberately provocative), and misrepresented a paid "Diamond Membership" while imposing recurring charges. The FTC has referred the matter to the Department of Justice; the allegations remain unproven.

UK Police Seize £5.5B in Bitcoin Linked to Fraud Scheme

💰 British authorities have seized £5.5 billion (about $7.39 billion) in cryptocurrency — approximately 61,000 Bitcoin — from the London home of Zhimin Qian (aka Yadi Zhang), who pleaded guilty to acquiring and possessing criminal property. The Metropolitan Police say the seizure, uncovered after a probe opened in 2018, is believed to be the largest such confiscation worldwide. Qian is accused of running a large-scale fraud in China from 2014–2017 that targeted more than 128,000 mostly older victims and converted proceeds into Bitcoin before fleeing to the U.K. A co-conspirator, Jian Wen, was previously jailed and ordered to repay millions.

EU Opens Antitrust Probe into SAP ERP Support Practices

⚖️ The European Commission has launched a formal investigation into whether SAP engaged in anti-competitive conduct in aftermarket services for its on‑premise ERP software. The probe focuses on four practices: mandatory uniform support across products, blocking termination of unused licenses, extending non‑terminable initial support terms, and charging reinstatement fees equal to prior amounts. The Commission says these practices could limit competition from third‑party support providers and amount to unfair trading conditions. SAP says its policies follow industry standards and expects no significant financial impact.

U.S. Investors to Take Over and Restructure TikTok Operations

🔐 President Trump has signed an executive order approving a plan to separate TikTok’s U.S. operations from Chinese owner ByteDance, enabling a new U.S.-based joint venture to manage the service domestically. The agreement covers TikTok and related apps such as Lemon8 and CapCut and limits ByteDance to under 20% ownership. Oracle and other American investors will control algorithms, data storage, and content moderation while security partners monitor code and data flows.

Singapore Threatens Meta With Fines Over Facebook Scams

🛡️ The Singapore Police Force has issued an implementation directive under the Online Criminal Harms Act requiring Meta to implement enhanced facial recognition for Singapore users and to prioritise review of local scam reports by September 30. The Ministry of Home Affairs said Facebook was the primary platform for government impersonation scams between June 2024 and June 2025, and the SPF disrupted about 2,000 problematic ad schemes on Meta. If Meta fails to comply without a reasonable excuse it faces a S$1m fine and daily penalties after conviction.

CISA Orders Agencies to Patch Cisco ASA/FTD Zero-Days

🔔 CISA has issued Emergency Directive 25-03 requiring Federal Civilian Executive Branch agencies to remediate two actively exploited Cisco vulnerabilities, CVE-2025-20333 and CVE-2025-20362, in ASA and FTD devices. Agencies must inventory appliances, collect forensics, disconnect compromised and end-of-support devices, and apply patches by the stated deadlines. Cisco links the exploitation to the ArcaneDoor campaign, which leverages ROMMON manipulation and in-memory backdoors to maintain persistence.

Amazon to Pay $2.5 Billion Over Prime Enrollment Practices

⚖️ The FTC announced a $2.5 billion settlement with Amazon over allegations it used dark patterns to trick millions into enrolling in and retaining Prime subscriptions. The agreement includes a $1 billion civil penalty and $1.5 billion in refunds for an estimated 35 million affected consumers. The FTC said Amazon's checkout and cancellation designs obscured opt-outs, failed to disclose automatic renewals, and relied on an internal cancellation flow nicknamed "Iliad" that deterred cancellations. Internal documents, the agency added, showed employees discussing the problematic practices.

CISA Orders Federal Agencies to Mitigate Cisco ASA Zero-Day

🛡️ CISA issued Emergency Directive 25-03 directing federal civilian agencies to identify and mitigate exploitation of a zero-day affecting Cisco Adaptive Security Appliances (ASA). Agencies must inventory in-scope devices, collect forensic data, and assess compromises using CISA-provided procedures and tools. End-of-support devices must be disconnected and remaining appliances upgraded by 11:59 PM EST on September 26, 2025; CISA will monitor compliance and provide assistance.

NCA Arrests Man Linked to HardBit Ransomware Disruption

🔒 British investigators arrested a man in his forties in West Sussex in connection with a suspected ransomware outbreak that disrupted flights across Europe. The National Crime Agency said the suspect was released on conditional bail and the probe remains at an early stage. Security researchers have linked the incident to the HardBit variant, which affected ARINC vMUSE systems and forced airlines to revert to paper processes amid repeated reinfections.

Interpol-led Operation Seizes $439M From Cybercrime

🕵️‍♂️ In a five-month international campaign, Operation HAECHI VI led by Interpol and partner agencies recovered more than $439 million in cash and cryptocurrency tied to cyber-enabled financial crimes. Investigators from 40 countries across five continents targeted a broad range of scams — including voice phishing, investment fraud, BEC, sextortion and romance scams — freezing 400 crypto wallets and blocking over 68,000 bank accounts. The action included 45 arrests in Portugal and multimillion-dollar recoveries in Thailand, building on prior HAECHI phases that netted hundreds of millions and thousands of arrests.

Former Meta Lobbyist Named to Ireland's DPC, Concerns

⚖️ The Irish government has appointed Niamh Sweeney as a member of the Data Protection Commission, the authority that leads EU oversight of major technology companies. The appointment has drawn strong criticism from privacy organization Noyb, which highlights Sweeney’s previous role as a lobbyist for Meta. Critics, including Max Schrems, argue this raises questions about impartiality and potential regulatory capture. As recently as December, the DPC fined Meta €251 million for breaches of GDPR, a fact cited by opponents of the appointment.

Canada Shuts Down TradeOgre Exchange, Seizes Crypto

🔒 The Royal Canadian Mounted Police have dismantled the TradeOgre cryptocurrency exchange and seized more than $40 million in assets believed linked to criminal activity. The small, privacy-focused platform — which supported Monero and did not enforce Know Your Customer (KYC) checks — was taken offline after an investigation by the RCMP’s Money Laundering Investigative Team. Authorities say the exchange failed to register with FINTRAC and cautioned not all seized funds have been confirmed as criminal proceeds.

UK Arrests Teens Linked to Scattered Spider TfL Hack

🚨 Two teenagers have been arrested in the UK on suspicion of involvement in the August 2024 cyberattack against Transport for London; authorities say the suspects are believed to be members of the Scattered Spider collective. The National Crime Agency is prosecuting both on computer misuse and fraud-related charges, while U.S. prosecutors also filed charges against one suspect tied to multiple intrusions and extortion schemes. TfL reported that the breach disrupted internal systems and later confirmed customer data, including names and contact details, was compromised, causing operational disruption and financial losses.

Pompompurin Resentenced: BreachForums Creator Jailed

🔒 Conor Brian Fitzpatrick, known online as "Pompompurin", has been resentenced to three years in prison after a U.S. appeals court overturned his earlier lenient term. He created and administered the notorious BreachForums, a marketplace for stolen data and hacking tools, and was arrested after the Department of Justice disrupted the site. Fitzpatrick had violated pretrial release conditions and pleaded guilty to hacking charges and possession of child sexual abuse material; the forum remains active under a new domain.

TaskUs Employee Allegedly Central to Coinbase Breach

🔒 A US court filing identifies a TaskUs employee as a key conspirator in the December 2024 breach of Coinbase, a compromise publicly disclosed in May 2025. Prosecutors allege support agents were bribed and recruited to steal customer PII, impacting almost 70,000 users and facilitating social engineering and asset theft. The filing names employee Ashita Mishra, accuses her of stealing and photographing hundreds of records per day and selling data for $200 a record, and claims TaskUs tried to minimize and conceal its security failures. Plaintiffs seek monetary damages and court-ordered security reforms.