De Nederlandse stemsoftware Ondersteunende Software Verkiezingen (OSV) wordt op 20 maart ook bij de Provinciale Statenverkiezingen gebruikt. In de software werden de afgelopen jaren kwetsbaarheden gevonden.

De Kiesraad schrijft in het jaarverslag van 2018 (pdf) dat de software aan vervanging toe is. De OSV wordt sinds juni 2009 gebruikt om stemmen te tellen en uitslagen te berekenen, maar is door de jaren heen meerdere keren onveilig bevonden.

Na onderzoek door RTL Nieuws werden in 2017 al kwetsbaarheden in OSV gevonden. Hackers zouden de software kunnen misbruiken om de uitslag van verkiezingen te beïnvloeden. Een jaar later bleek na een nieuw onderzoek van RTL Nieuws dat de software nog steeds tientallen kwetsbaarheden bevatte.

De vorig jaar aangenomen Amerikaanse CLOUD Act zorgt voor Europese onrust over de reikwijdte van die wetgeving voor datavordering bij cloudaanbieders. Terwijl de VS sust dat deze wet slechts is bedoeld als hulp bij opsporing van criminele activiteiten leeft de vrees dat misbruik mogelijk is.

Een Chinese wet voor verplichte medewerking aan datavorderingen wordt door de VS juist bekritiseerd als middel voor cyberspionage. Hierdoor wordt een Chinees bedrijf als Huawei nu gewantrouwd.

Europese experts en politici maken zich zorgen over Huawei, maar ook over Amerika, schrijft persbureau Bloomberg. Het centrale punt van zorg in beide gevallen is de ambities met betrekking tot data en overheidsvordering daarvan.

WannaCry and NotPetya brought major companies to their knees and cost billions to remediate. A new report from Lloyds of London warns another similar ransomware attack would still be devastating.

The WannaCry and NotPetya ransomware attacks were massive incidents that impacted companies both large and small across large geographic areas. Both propagated quickly and brought massive organizations such as the UK’s National Health Service (NHS) and shipping giant Maersk to a standstill.

While the threat from those two individual attacks has been mostly mitigated, variants of both still continue to propagate out in the wild. A new report suggests that another global attack in the same style, if coordinated and executed properly, could cause even more damage and cost companies billions of dollars in damage.

The UK banking sector was hit by IT outages on a daily basis in the last nine months of 2018, with 302 reported TITSUPs according to consumer group Which?.

Financial institutions have been required to report major operational or security incidents to the sectoral watchdog since April 2018, and Which? used this data to assess the frequency of failures.

It found that, between 1 April and 31 December 2018, there were 302 reports – equivalent to a mean of 1.1 incidents each day. Which? said that six of the major banks had suffered at least one incident apiece every two weeks.

It’s no secret that your personal data is routinely bought and sold by dozens, possibly hundreds, of companies. What’s less known is who those companies are, and what exactly they do.

Thanks to a new Vermont law requiring companies that buy and sell third-party personal data to register with the Secretary of State, we’ve been able to assemble a list of 121 data brokers operating in the U.S. It’s a rare, rough glimpse into a bustling economy that operates largely in the shadows, and often with few rules.

Even Vermont’s first-of-its-kind law, which went into effect last month, doesn’t require data brokers to disclose who’s in their databases, what data they collect, or who buys it. Nor does it require brokers to give consumers access to their own data or opt out of data collection.

As AI becomes more commonplace, there’s an increased need for data governance. It’s an issue that’s been identified by the government, as it recently announced an ethics group to oversee large groups of data sets.

An All-Party Parliamentary Group (APPG) on Artificial Intelligence was set up in January 2017 to specifically explore how the technology might impact and have implications on our lives.

The issue of data governance is complex, and the solution everyone is hoping to come to is a safe, secure and regulated framework that is effective while keeping on the ‘right’ side of the right to privacy.

Europe should force medical equipment companies to set up a fund to help victims of faulty devices as part of a complete overhaul of legislation governing the industry, a European parliamentary committee heard Wednesday.

A Dutch Member of the European Parliament (MEP) Annie Schreijer-Pierik proposed the initiative during a wide-ranging address in which she said patients were deliberately being kept in the dark about the potential risks involved in medical device implantation and subsequent failures by the absence of available public data.

“You can say it’s not such a big problem, but if it affects you, it is a big problem no matter what you say,” she observed.

Last year was full of cybersecurity disasters, from the revelation of security flaws in billions of microchips to massive data breaches and attacks using malicious software that locks down computer systems until a ransom is paid, usually in the form of an untraceable digital currency.

We’re going to see more mega-breaches and ransomware attacks in 2019. Planning to deal with these and other established risks, like threats to web-connected consumer devices and critical infrastructure such as electrical grids and transport systems, will be a top priority for security teams.

But cyber-defenders should be paying attention to new threats, too. Here are some that should be on watch lists:

The National Audit Office (NAO) has criticised the government's flagship identity verification scheme. A damning report says Gov.UK Verify has fallen well short of its target of 25 million users by 2020, managing only 3.6 million so far.

The government has had to lower its estimates for Verify's financial benefits by 75%. It says challenges like these are to be expected when the government is working "at the forefront of new technology".

The Verify platform was launched by the Government Digital Service (GDS) in 2016, intended to become the default way for people to prove their identity for online government services.

Democrats in the US Congress plan to unveil legislation on Wednesday to reinstate "net neutrality" rules that were repealed by the Trump administration in December 2017, House of Representatives Speaker Nancy Pelosi said.

Pelosi told lawmakers in a letter that House Democrats, who won control of the chamber in the November 2018 elections, would work with their colleagues in the US Senate to pass the "Save The Internet Act."

The text of the proposed legislation has not been released.