< ciso
brief />
Tag Banner

All news with #regulatory action tag

353 articles · page 5 of 18

ENISA Seeks Top-Level Role in CVE Program Governance

🔐 ENISA is pursuing top-level root status in the CVE Program as it is being onboarded by the US Cybersecurity and Infrastructure Security Agency (CISA) to become a TL-Root CNA. Agency leaders told VulnCon26 attendees the move, targeted for 2026 or early 2027, would secure European representation on the CVE Program Board. ENISA plans to onboard EU national CERTs and CSIRTs as CNAs and is expanding its vulnerability team to support this role.
read more →

Europe Largely Excluded from Anthropic's Mythos Access

🔒 European regulators have been largely frozen out of early access to Anthropic's new Mythos model, Politico reports. Anthropic's Project Glasswing has initially restricted testing to select U.S. technology firms — notably Apple, Microsoft and Amazon — so partners can evaluate and mitigate security risks. The UK’s AI Security Institute has been permitted to test Mythos and acted on findings, while Germany has opened dialogue but not gained access, prompting concerns about private-sector control over a potent security-focused AI.
read more →

US Disrupts APT28 DNS Hijacking Network Targeting Routers

🛡️ The US Department of Justice and FBI led a court-authorized operation to neutralize a DNS hijacking network run by Russian APT28 that had compromised SOHO routers across 23 US states. Dubbed Operation Masquerade, the effort sent commands to affected routers to collect evidence and reset malicious DNS resolvers to legitimate ISP settings. Agencies say the remediation did not harm router functionality and can be reversed by users via factory reset or web management pages. Authorities urged owners to update firmware, verify DNS settings and replace end-of-life devices.
read more →

Supply Chain Security Moves to Boardroom Priority Now

🔒 Supply chain security has shifted from a technical concern to a board-level business priority, driven by high-profile incidents and emerging regulation such as the European Cyber Resilience Act. CSOs must confront pervasive open-source risk—highlighted by Log4Shell—and adopt SBOMs, tooling and processes that reduce false positives. Automation, integration with developer workflows and rapid supplier communication are essential to limit fines and protect customer trust.
read more →

Hong Kong Police Can Force Disclosure of Encryption Keys

🔐 On March 23, 2026, Hong Kong authorities amended enforcement of the National Security Law, allowing police to demand passwords or other assistance to access personal electronic devices, including phones, laptops, and hard drives. The U.S. Consulate General issued a security alert on March 26 warning that refusal to comply is now a criminal offense. Authorities may also seize and retain devices they allege are linked to national security offenses. The change applies even to travellers transiting the airport.
read more →

Cambodia Enacts Tough New Law Against Scam Compounds

🔒 Cambodia has enacted the Law on Combating Online Scams, effective immediately, imposing steep penalties for organisers of scam compounds. The law threatens ringleaders with 5–10 years imprisonment and fines up to $250,000, escalating to 10–20 years and larger fines where violence, forced labour, or trafficking are involved. It also shields coerced victims from prosecution.
read more →

German Police Identify REvil and GandCrab Ransomware Leaders

🔍 German Federal Police (BKA) have identified two Russian nationals as the leaders of GandCrab and REvil between 2019 and 2021. The suspects — 31‑year‑old Daniil Maksimovich Shchukin (alias UNKN/UNKNOWN) and 43‑year‑old Anatoly Sergeevitsch Kravchuk — are linked to at least 130 extortion cases in Germany. At least 25 victims paid roughly $2.2 million, with total damages estimated above $40 million; authorities believe both are now in Russia and have released identifying images to solicit tips.
read more →

German Police Identify Alleged REvil and GandCrab Leaders

🔎 German Federal Police (BKA) say they have identified two Russian nationals as alleged leaders of the GandCrab and REvil ransomware operations active from 2019 to 2021. Authorities attribute at least 130 extortion cases in Germany to the pair, with 25 victims paying roughly $2.2 million and estimated total damages exceeding $40 million. Images, including tattoo photos, have been released and the suspects are listed on the EU Most Wanted portal as authorities seek public tips.
read more →

New Mexico Ruling Threatens End-to-End Encryption Safety

🔒 Mike Masnick argues the New Mexico court ruling against Meta applies a troubling 'design choices create liability' framework that could undermine end-to-end encryption. The state used Meta's 2023 decision to add E2EE in Messenger as evidence that the company 'shielded' predators, and is seeking court-ordered changes to 'protect minors from encrypted communications.' The ruling risks forcing companies to weaken security features and stop documenting internal safety tradeoffs.
read more →

U.S. Bans Import of Foreign-Made Consumer Routers Nationwide

🔒 The Executive Branch has determined that foreign-made consumer routers create a supply-chain vulnerability and pose a severe cybersecurity risk that could disrupt U.S. critical infrastructure and harm U.S. persons. Any new router manufactured outside the United States must receive FCC approval before it can be imported, marketed, or sold; approval requires disclosure of foreign investors or influence and a plan to shift manufacturing to the U.S. Certain devices may be exempted by the Department of Defense or DHS, though neither agency has listed exceptions yet. Existing home routers do not need to be discarded, and market impacts may favor companies able to produce domestically, such as Starlink, while vendors like Netgear—which manufactures abroad—face new compliance and cost pressures.
read more →

ICO fines UK alarm provider £100,000 for nuisance calls

📞 The Information Commissioner’s Office (ICO) fined Birmingham-based monitored alarm provider TMAC £100,000 after staff used false identities on marketing sales calls and the firm made over 260,000 calls to numbers registered on the Telephone Preference Service. The ICO said TMAC deliberately targeted individuals over 60 between February and September 2024, impersonating local crime and fire prevention initiatives to trick recipients. The regulator stressed these actions breached the Privacy and Electronic Communications Regulations and highlighted the importance of public reporting in enabling enforcement.
read more →

AI Regulation Emerges as Central Issue in U.S. Midterms

🗳️The December Trump executive order constrains state AI regulation by directing federal lawsuits and withholding funds from states that attempt limits, effectively prioritizing industry interests over local consumer protections. Polling in 2025 shows broad bipartisan support for greater state and federal oversight, yet the order reshapes political fault lines ahead of the midterms. Candidates may use AI as a wedge—highlighting job displacement, datacenter opposition, and corporate concentration—while organizers work to broaden the debate beyond local fights.
read more →

LeakBase Forum Admin Arrested in Russia Over Data Trade

🔒 Russian authorities have arrested the alleged administrator of LeakBase, a major cybercrime forum accused of trading stolen personal databases since 2021. The suspect, reported to be a resident of Taganrog, was detained and technical equipment seized during a search. Officials say the platform hosted hundreds of millions of accounts, bank details and corporate documents and had over 147,000 registered users. The site was dismantled earlier this month and its content preserved for evidentiary purposes.
read more →

FCC Bans Import and Sale of All Foreign-Made Routers

🔒 The FCC has banned the import and sale of all consumer-grade internet routers manufactured in foreign countries, saying they pose an 'unacceptable risk' to US national security. The rule, announced on 23 March, allows only devices with conditional DoD or DHS approval, effectively blocking most future consumer models because many are made abroad. The agency cited incidents such as the Volt, Flax and Salt Typhoon attacks, while industry experts caution that governance, patching and lifecycle management — not just country of origin — drive much of the risk.
read more →

Wyden Raises Alarm Over Hidden Section 702 Secret Law

🔔 Sen. Ron Wyden warned on the Senate floor that a classified, previously undisclosed interpretation of Section 702 is affecting Americans’ privacy and has been withheld from public and congressional debate. He raised the issue while opposing the nomination of Joshua Rudd to lead the NSA, citing Rudd’s unwillingness to accept basic constitutional limits on surveillance. Wyden said he has repeatedly asked administrations to declassify the matter and is still awaiting a response from DNI Gabbard. He urged Congress to openly debate the matter before Section 702 is reauthorized.
read more →

FCC Blocks New Foreign-Made Consumer Routers Nationwide

🔒 The FCC announced a ban on imports of new foreign-made consumer routers, citing unacceptable cyber and national security risks after an Executive Branch determination. New models are placed on the Covered List unless granted Conditional Approval by the Department of War or DHS; Starlink routers are exempt. Existing customer-owned devices and previously authorized models remain legal to use and sell.
read more →

FCC Bans Sale of New Consumer Routers Made Outside USA

🔒 The FCC has expanded its Covered List under the Secure and Trusted Communications Networks Act to include all consumer routers manufactured outside the United States, effectively banning the sale of new foreign-made models. The move follows a National Security Determination that identified foreign-produced routers as a significant supply-chain threat and cited recent compromises linked to groups such as Volt, Flax, and Salt Typhoon. The agency permits limited exemptions and an alternative approval path for vendors that transparently disclose ownership, manufacturing, and supply-chain details and commit to onshoring critical component production. Existing routers remain available, but consumers may face reduced model availability and higher prices as certification adds time and cost.
read more →

Yanluowang Broker Sentenced to 81 Months; Restitution

🔒 A Russian national, 26-year-old Aleksey Olegovich Volkov (aliases "chubaka.kor" and "nets"), was sentenced to 81 months in U.S. federal prison after pleading guilty to acting as an initial access broker for the Yanluowang ransomware operation. Between July 2021 and November 2022 he sold corporate network access to at least eight U.S. companies, enabling affiliates to deploy ransomware and demand payments. The FBI recovered chat logs, stolen data, victim credentials, and evidence of ransom negotiations after seizing a server tied to the gang, and traced Volkov through Apple iCloud, cryptocurrency exchange records, and social media. He was arrested in Italy in January 2024, extradited to the U.S., and ordered to pay over $9.16 million in restitution and forfeit equipment used in the crimes.
read more →

Russian Initial Access Broker Sentenced to 81 Months

🔒 Aleksei Volkov, a Russian initial access broker tied to dozens of ransomware incidents that produced more than $9m in documented victim losses, has been sentenced to 81 months in a US federal prison. He pleaded guilty to offenses including trafficking in access information, access device fraud and aggravated identity theft. Volkov was linked to Yanluowang and other cybercrime groups, and has agreed to pay at least $9.2m in restitution.
read more →

CISA Orders Federal Patch for DarkSword iOS Flaws Now

🔒 CISA ordered U.S. federal agencies to patch three iOS vulnerabilities exploited by the DarkSword exploit kit, imposing a two-week deadline under BOD 22-01. Apple has released fixes and the flaws now only affect iPhones running iOS 18.4 through 18.7. Researchers linked DarkSword to multiple threat groups and to data-stealing malware families including GhostBlade, GhostKnife, and GhostSaber.
read more →