The EU has introduced NIS2, an updated Network and Information Security Directive, with enhanced security rules and reporting requirements for a broader range of organisations. The directive addresses increasing global ransomware attacks and the complex cybersecurity landscape. EU member states must implement the law by 17th October 2024, including establishing computer security incident response teams. Organisations must also institute policies for risk analysis, information system security and cybersecurity risk management. Penalties for non-compliance could reach €10 million or 2% of global annual revenue for essential entities.
Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code
Security researcher Nafiez disclosed a vulnerability in Windows LNK files that allows remote code execution without user interaction. Microsoft will not patch it, citing “inadequate
