Yazılar

WestJet Investigates Cybersecurity Breach Impacting Mobile App and Internal Systems

/in /tarafından

WestJet Airlines of Canada is currently investigating a cybersecurity incident that has disrupted access to its mobile app and certain internal systems, the airline announced in a statement on Friday. The breach has affected an unspecified number of users.

WestJet said that specialized internal teams are working closely with law enforcement agencies and Transport Canada to contain the impact and determine the full extent of the security breach.

“We are expediting efforts to safeguard sensitive data and personal information for both our guests and employees,” the airline said, while also noting it is too soon to speculate on the cause or scope of the incident.

Despite the disruption, a company spokesperson confirmed that WestJet’s flight operations remain safe and fully unaffected.

This incident adds to a growing trend of cyber threats targeting critical infrastructure in Canada. Earlier in April, energy company Emera and its subsidiary Nova Scotia Power reported unauthorized access to their networks and business servers.

Taiwan Cyber Unit Unfazed by China’s Bounty Threat on Alleged Hackers

/in /tarafından

Taiwan’s cyber defense forces have vowed not to be intimidated by China’s offer of monetary rewards for the arrest of 20 individuals Beijing claims are Taiwanese military hackers, the island’s defense ministry said on Wednesday. Taiwan emphasized that China’s legal system holds no jurisdiction over the democratically governed island.

The controversy escalated last week when China’s Guangzhou Public Security Bureau named and published photos, names, and identity card numbers of the alleged hackers linked to Taiwan’s Information, Communications and Electronic Force Command, offering rewards exceeding $1,000 for their capture. Beijing’s Taiwan Affairs Office warned that it would “pursue the matter to the end” and would not show leniency.

In response, Taiwan’s defense ministry condemned China for spreading false narratives and using “cross-border rewards” as part of what it called a disinformation campaign to weaken military morale. Taiwan’s constitution affirms that Chinese laws have no binding authority on the island or its people.

“The officers and soldiers of the Information, Communications and Electronic Force Command will remain steadfast,” the ministry said, “defending the digital frontier and ensuring national security through solid information defense.”

Taiwan has frequently accused China of extensive cyberattacks and disinformation campaigns aimed at undermining public trust in Taiwan’s government, amid increasing military and political pressure from Beijing.

New EU Cyber Law Faces Delayed Adoption as Many Nations Miss Deadline

/in /tarafından

The European Union’s new cybersecurity directive, NIS 2, which sets higher standards for companies to strengthen their cybersecurity defenses, has encountered a rough start. Many EU member states have yet to adopt the rules into national law, missing the key enforcement deadline, according to a report from the DNS Research Federation.

NIS 2, short for the Network and Information Security Directive 2, became enforceable across the bloc on Thursday, requiring companies to enhance risk management, transparency, and business continuity planning in the event of a cyberattack. However, the slow pace of adoption by EU countries means that enforcement of the directive is expected to be inconsistent.

Portugal and Bulgaria are two of the countries that have yet to begin incorporating NIS 2 into their legal frameworks, raising concerns about their cybersecurity readiness. Many other EU countries are at various stages of implementing the law, creating disparities across the region.

NIS 2 was designed to update the original NIS directive, addressing more recent cybersecurity challenges. It expands its reach to cover essential service providers, including banks, energy suppliers, health care institutions, internet providers, and waste management services. The directive also introduces stricter reporting requirements, with firms now having just 24 hours to notify authorities of a cyber breach.

The directive mandates businesses to thoroughly vet technology vendors for cyber vulnerabilities and to share information on security issues with other organizations, even if that means disclosing their own breaches. Non-compliance can result in hefty fines—up to 10 million euros ($10.9 million) or 2% of global annual revenue for essential entities, such as transport and financial firms. For important businesses, like food and chemical companies, the penalties could reach 7 million euros or 1.4% of global revenue.

The effectiveness of NIS 2 will depend heavily on consistent implementation across EU member states, according to Tim Wright, a partner and technology lawyer at Fladgate. Gaps in adoption could lead cybercriminals to target countries that lag behind or smaller vendors within the supply chain, he warned.

Businesses have been preparing for the directive’s stricter cybersecurity measures, but inconsistencies in national laws have created additional challenges, particularly for smaller organizations with fewer resources. Chris Gow, Cisco’s EU public policy lead, recommended that companies focus on identifying common security controls that can help them comply with the directive despite these discrepancies.

Carl Leonard, EMEA cybersecurity strategist at Proofpoint, emphasized that NIS 2 establishes clear risk management expectations, including leadership accountability and incident handling. The penalties, which include not only fines but also possible service suspensions and increased supervision, are meant to compel organizations responsible for critical infrastructure to take cybersecurity threats more seriously.