European Commission Proposes Law Requiring Tech Companies to Scan for Child Abuse Images

Five Eyes intel agencies warn MSPs of supply chain attacks, REvil resumes activity, Microsoft issues fix for severe bug exploited in the wild, Cyber Director hires three high-powered experts, more

May 11

blue and white flags on pole — Photo by Guillaume Périgois on Unsplash

According to a leaked proposal, the European Commission is expected to release a draft law this week that could require digital companies like Meta, Google, and Apple to detect, remove and report illegal images of abuse to law enforcement under the threat of fines.

The Commission said voluntary measures taken by some platforms have so far “proven insufficient” to address the misuse of online services for child sexual abuse. Cybersecurity specialists and digital rights activists are concerned that any effort to break or backdoor the end-to-end encryption protecting images, which would be necessary to scan the images, could break digital security measures altogether.

But, Belgian Home Affairs Commissioner Ylva Johansson said that “abusers hide behind the end-to-end encryption” when announcing the measure, despite the technical impossibility of allowing image scanning while maintaining secure encryption. Ella Jakubowska, policy adviser at European Digital Rights (EDRi), a network of 45 nongovernmental organizations, said that “The EU shouldn’t be proposing things that are technologically impossible.” (CLOTHILDE GOUJARD AND VINCENT MANANCOURT / Politico)

Related: Euractiv

INTERPOL @INTERPOL_HQ

This #EU initiative provides a framework for improved prevention and protection. Stronger regional mechanisms integrated into the existing global network are vital in combating online child sexual abuse more effectively. #StopChildSexualAbuse https://t.co/ib84VUCcUR

EU Home Affairs @EUHomeAffairs

1 million #childsexualabuse reports in the EU, in 2020 alone❌ Today, @EU_Commission proposes new 🇪🇺 legislation to protect children with 🔹strong safeguards 🔹obligations on companies 🔹coordinated authority actions Find out more📌https://t.co/PucdQXp9he #EUvsChildSexualAbuse https://t.co/KmOWxN0hMF

Matthew Green @matthew_d_green

Speaking of actual free speech issues, the EU is proposing a regulation that could mandate scanning of encrypted messages for CSAM material. This is Apple all over again.

LEAK: Commission to force scanning of communications to combat child pornographyThe European Commission is to put forward a generalised scanning obligation for messaging services, according to a draft proposal obtained by EURACTIV.euractiv.com

Natasha 🧗‍♀️ @riptari

Scanning the contents of messages is often the "only possible way" to detect grooming? Really @EU_Commission? Couldn't a platform infer red flags from metadata (eg adult male user repeatedly tries to message non-social-graph females whose service usage suggests are aged <18)?

Multiple cybersecurity and law enforcement agencies from the Five Eyes countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) warned managed service providers (MSPs) and their customers that supply chain attacks increasingly target them.

The agencies shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats, recommending specific measures on securing sensitive information and data via transparent discussions centered around re-evaluating security processes and contractual commitments to accommodate the customers' risk tolerance. (Sergiu Gatlan / Bleeping Computer)

Related: CISA

Rob Joyce @NSA_CSDirector

Managed service providers make attractive targets for malicious actors to scale their attacks. MSPs and their customers should use these recommendations for handling the shared responsibilities of securing sensitive data. https://t.co/pZPluNVLQr

NSA Cyber @NSACyber

We expect to see an increase in targeting of managed service providers. This joint advisory with @NCSC, @CISAgov, @FBI, @CyberGovAU, and @cybercentre_ca highlights key actions for MSPs and their customers to secure communications and other sensitive data. https://t.co/vuZPZWo74Q https://t.co/M3Q13qNfo0

Based on an analysis of new ransomware samples, researchers from Secureworks Counter Threat Unit (CTU) say the notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity.

The apparent resurgence comes as REvil's data leak site in the TOR network began redirecting to a new host on April 20, with cybersecurity firm Avast disclosing a week later that it had blocked a ransomware sample in the wild "that looks like a new Sodinokibi / REvil variant." (Ravie Lakshmanan / The Hacker News)

Microsoft released updates to fix at least 74 different security problems in its Windows operating systems and related software, including fixes for seven “critical” flaws and a zero-day vulnerability that affects all supported versions of Windows.

The most urgent bug is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process within Windows) which was publicly disclosed before today and is now actively exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022. (Brian Krebs / Krebs on Security)

The White House Office of the National Cyber Director (ONCD) headed by Chris Inglis announced the hiring of three high-powered cybersecurity experts: Kemba Walden as the first Principal Deputy National Cyber Director and Neal Higgins and Rob Knake as Deputy National Cyber Directors.

Walden, backed by extensive government experience, comes to ONCD from Microsoft, where she served as an Assistant General Counsel in Microsoft’s Digital Crimes Unit (DCU), responsible for launching and leading DCU’s Ransomware Program. A source familiar with the announcement says Walden will be the “linchpin” for the office and work closely with National Cyber Director Chris Inglis. (Sean Lyngaas and Zachary Cohen / CNN)

Megan Stifel - Pls 😷& get boosted 🌻 @MeganStifel

Cannot wait to see what these great individuals will do collectively to improve our nation’s & the world’s ability to harness the opportunity of the Internet & better manage #cyber #risk in so doing. Congrats ⁦@KembaWalden⁩ ⁦⁦@robknake⁩ 🇺🇸 whitehouse.gov/briefing-room/…

Office of the National Cyber Director Announces Senior Leadership | The White HouseToday, the Office of the National Cyber Director announced Kemba Walden as the first Principal Deputy National Cyber Director and Neal Higgins and Robwhitehouse.gov

Sources say the Biden administration forged a new agreement under which the State Department will have more ability to weigh in on certain kinds of cyber operations.

The agreement would give the State Department greater ability to monitor and weigh in on “third-party notifications,” defined as whether and how the U.S. government alerts countries if it plans to enter their cyberspace to interrupt adversaries’ cyber operations. The president has not yet signed the agreement. The situation remains fluid, but the sources said both the Defense and State departments feel they won important pieces of the fight. (Suzanne Smalley / Cyberscoop)

Cyber Threat Alliance @CyberAlliance

“The higher the diplomatic #Risk, the more disruptive or destructive the effect or the greater likelihood of establishing a ‘norm’ for offensive #Cyber activity, the broader and more senior the review of the proposed activity should be.” cyberscoop.com/state-to-gain-… #cybersecurity

State to gain more ability to monitor DOD cyber ops under White House agreementThe White House has reached consensus with the State and Defense Departments on how to pare back NSPM-13’s precedent-setting delegation of authority to the DOD.cyberscoop.com

The United Kingdom's National Cyber Security Centre (NCSC) has announced a new email security check service called Email Security Check to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches.

The service works by checking publicly available internet DNS records to verify if anti-spoofing controls (notably the DMARC Policy) are correctly configured and the TLS configuration by initiating a server "handshake." (Sergiu Gatlan / Bleeping Computer)

Related: NCSC, Infosecurity Magazine

Rob Joyce, the NSA’s director of cybersecurity, said the agency is investigating the extent that software made by the Russian cybersecurity company Kaspersky is embedded in US businesses and organizations amid rising security concerns arising from Russia’s invasion of Ukraine.

Some companies voluntarily abandoned Kaspersky antivirus products after the US government banned the company’s software from federal systems in 2017, citing espionage fears. Nonetheless, Kaspersky products continue to remain in use. (Katrina Mason / Bloomberg)

Klon Kitchen @klonkitchen

Uh-oh! Let’s go on a Bear hunt. @e_kaspersky Bloomberg - Are you a robot?bloomberg.com

Omnicell, a medication management and adherence tool provider for health systems and pharmacies, told the SEC that a ransomware attack had affected some of its services, products, and internal systems.

Omnicell took steps to implement its business continuity plans to restore and support continued operations. (Naomi Diaz / Beckers Hospital Review)

Related: Modern Healthcare, Marketwatch

Email security company Abnormal Security Corp. raised $210 million in a Series C funding round.

Insight Partners led the round with participation from Greylock Partners and Menlo Ventures. (James Rundle / Wall Street Journal)

Israeli-American VC firm YL Ventures announced the launch of a new fund $400 million fund, the company’s fifth, to back Israel’s cybersecurity sector.

The fund will be used to lead seed rounds into about three startups per year and invest in follow-on rounds, the firm said. (Ricky Ben-David / Times of Israel)

Related: Silicon Angle, Help Net Security

Metacurity