A group of security researchers has uncovered a concerning security flaw in certain hotel keycard systems. Nicknamed ‘Unsaflok’, their technique uses vulnerabilities in a specific brand of RFID-based keycard locks commonly used in hotels worldwide to ‘trick’ a smartlock into opening for an unauthorized user. Exploiting this security weakness means that anyone with the right equipment could break in and rob hotel guests.

How does the hack work?

The Unsaflok technique exploits weaknesses in encryption protocols and RFID technology used by these keycard systems. By obtaining any keycard from a target hotel and using a relatively affordable RFID read-write device, hackers create two keycards. Tapping the first card overwrites certain settings stored in the target lock itself. The second then unlocks the door, allowing the hacker to gain access. Shockingly, this process takes less than 30 seconds.

Even more concerning is that the compromised cards will also unlock the door’s deadbolt.

Am I in danger?

Clearly this is a serious problem, particularly when you realize that the affected locks are installed on millions of hotel room doors across the world. The security of guest rooms, hotel property, and guest safety could be threatened. And all it takes is two taps of compromised keycards.

The hacking group who ‘discovered’ this technique have chosen not to publicly disclose full details of the exploit. Instead they have worked with the manufacturer of the affected door locks to develop a fix which has proven to be effective.

There is one potential problem however – every single door lock must be visited and updated. Each affected hotel will also need to upgrade their keycard management system software.

While the manufacturer is actively working on mitigating these vulnerabilities, only a fraction of installed systems have been updated. Hotels and their guests continue to be at risk until the updates have been rolled out.

How can I protect myself against Unsaflok?

Whenever you check into a hotel for the first time, take a look at the lock on your door. If there is a wavy line across the round RFID reader, the lock may be vulnerable. You may also consider using a security tool like the NFC Taginfo app which can “read” your keycard and identify if it is still vulnerable to Unsaflok-like attacks. 

You should also follow the usual precautionary measures such as securing valuables in the hotel safe. When you are inside your room, use any additional door locks and chains if they are provided. And if your keycard is lost or stolen, report the incident to hotel reception as soon as possible.

The Unsaflok revelation serves as a reminder of the evolving nature of cybersecurity threats. It should also remind travelers of the importance of remaining vigilant to avoid becoming the victim of crime.

Read also: Data Privacy: A Guide for Individuals & Families

The post Hackers outsmart smart locks appeared first on Panda Security Mediacenter.

A British cybersecurity expert has called for a ban on ransomware payments to hackers. In an article for The Times, Ciaran Martin, former CEO of the UK’s National Cyber Security Centre (NCSC), has called for the government to outlaw the practice.

Under Martin’s proposal, ransom payments would be made illegal. Any businesses making a payment to ransomware scammers would be prosecuted.

Why should ransom payments be made illegal?

Ransomware is one of the most significant cybersecurity threats today. According to one report, more than $1bn was paid in ransoms in 2023 – and they expect that figure to rise again this year. For hackers, ransomware is a cheap, easy way to generate a lot of money – fast.

Seeing so many ransoms being paid encourages other cybercriminals to launch their own digital extortion campaigns. But Martin believes that if businesses are banned from making payments, financially-motivated ransomware attacks will stop because criminals will no longer be able to receive payment.

As one threat analyst commented, “For as long as ransomware payments remain lawful, cybercriminals will do whatever it takes to collect them. The only solution is to financially disincentivize attacks by completely prohibiting the payment of demands. At this point, a ban is the only approach that is likely to work.”

With no way to pay, and no prospect of receiving payment, criminals will stop using ransomware.

Does everyone agree?

Official UK government advice already states that victims should not pay any ransoms. But the reality is that many businesses could collapse if they are unable to access their IT systems. There is an implicit understanding that in some cases, paying a ransom is the only way out of the situation.

Experts believe that making it illegal to pay ransoms will simply accelerate this trend, bankrupting victims who have no other way of recovering their data. It will take time for new laws to take effect. And ransomware attacks are likely to continue for some time afterwards.

Other sources suggest that victims will simply continue to pay ransoms illegally. Should this happen, both victim and attacker become criminals. Any company paying an illegal ransom also opens themselves to becoming a target for blackmail.

Will anything change?

For the moment, no. Facing pressure from those for and against banning ransom payments, the UK government does not currently have any plans to address the situation in law. It is also worth noting that any such ban would only apply to British companies. Leaving ransomware criminals to target organizations anywhere else.

However, should one nation take a step towards banning ransom payments, it is likely that others follow. Stamping out cybercrime will take coordinated cooperation, but we have seen in the recent past that it can be made to work.

Whether ransom payments are outlawed or not, our advice remains the same. Always ensure that all your devices are properly protected with an antimalware solution like Panda Dome.

The post Is the UK about to ban ransomware payments? appeared first on Panda Security Mediacenter.

Consumers in the U.S. will soon see IoT devices sold with a strange little logo on the box called the U.S. Cyber Trust Mark. The label will be the equivalent of the Energy Star logo but for cybersecurity-conscious customers. It will be in the shape of a midlevel shield with a string of connected squares on it.  

While the Energy Star logo gives confidence to buyers who care about the environment, the U.S. Cyber Trust Mark will aim to provide the same peace of mind for tech junkies who want to make sure that the products they buy are built to the highest cyber security standards. 

The need for trustworthy products

Differentiating trustworthy products in the marketplace has never been more critical. As experts believe there will be approximately 30 billion connected devices globally by the end of this decade.

Implementation and standards

The first logo appearances will be on wireless consumer IoT products that meet the program’s cybersecurity standards. Also will be accompanied by a QR code explaining the details of the security of the product they are purchasing. 

Connected devices that have met the robust FCC cyber security standards will proudly display the U.S. Cyber Trust Mark on their packaging, with the first logo sightings expected this year. The government hopes this will protect hard-working families from buying products that are not cyber-secure enough. 

Government initiatives and industry participation

The new label program encourages large manufacturers of connected devices, retailers, and federal partners to take advantage of the new logo and proudly display it on products that meet FCC’s cyber security standards. The logo display is voluntary. But the FCC hopes that with time, more and more consumers will demand it from manufacturers. And the program will get mass adoption. Compliance testing, which would allow manufacturers to legally include the cyber security logo on products, will be done by accredited labs.

Combatting Cyber Threats

Over the last few years, many high-profile attacks have come from armies of unsecured IoT devices. Mainly consisting of compromised home security cameras, WiFi routers, fitness trackers, and other connected devices released to consumers with cyber security holes and inadequate tech support. 

Hackers use IoT botnets of infected devices to launch DDoS attacks that often disrupt federal and private business organizations. In most cases, consumers don’t even know that the products they use at home or work are infected.  And part of bot armies terrorizing different targets worldwide. 

The U.S. government hopes that the new logo and companies’ efforts to obtain it will tackle botnets and decrease the number of devices with weak cyber security reaching the hands of U.S. consumers.

Read also: Cybersecurity survey: 36% of Europeans don’t even have an IoT device

The post What is the U.S. Cyber Trust Mark? appeared first on Panda Security Mediacenter.

Research conducted by Channel 4 News, a UK nightly news show, has uncovered a massive explosion in deepfake pornography. According to the program, more than 4000 celebrities have had their likenesses used to create pornographic images and videos.

With generative artificial intelligence (AI) tools users are able to ‘map’ faces of well-known celebrities onto existing pornographic videos. This then gives the impression that the celebrity has participated willingly in the films.

What is going on?

As with all new technologies, someone, somewhere is always looking for a way to exploit it. Deepfake videos have been used to recreate concerts by music legends or resurrect long-dead movie stars. But the same technology can be used to create and share illegal content online – such as deepfake pornography.

Channel 4’s investigation into the five most popular deepfake websites discovered that more than 4000 individuals had had their likenesses stolen and reused in fabricated nude images. Of these, 252 were identified as coming from the UK, including female actors, TV stars, musicians and YouTubers.

The program also recounts how in 2016 there was just one deepfake pornography video posted online. In the first three-quarters of 2023, 143,733 new deepfake porn videos were uploaded to the 40 most used deepfake pornography sites – more than in all the previous years combined.

Are deepfakes legal?

Most experts agree that being a victim of deepfake pornography is deeply distressing, humiliating and dehumanizing. Unsurprisingly, governments across the world are working to better combat deepfakes and protect victims. 

In the UK, sharing deepfake porn without the permission of the person depicted is now illegal under the Online Safety Act. However, no one has yet been arrested or prosecuted for doing so. Notably, it is not illegal to create deepfake imagery – it is sharing that content which is banned.

What are the web giants doing about deepfakes?

Most web content hosts are still struggling to meet their obligations regarding detecting and removing deepfake content, but it seems that Google is leading the way. Speaking to Channel 4, a spokesperson said;

“Under our policies, people can have pages that feature this content and include their likeness removed from search. And while this is a technical challenge for search engines, we’re actively developing additional safeguards on Google search – including tools to help people protect themselves at scale, along with ranking improvements to address this content broadly.”

This offers victims some level of protection – but only after the deepfake content has begun circulate online. 

The battle against deepfake content continues to evolve, as does generative artificial intelligence. Legal frameworks like the Online Safety Act do provide some safeguards – and should help to deter some would be pornographers. But with so many different legal standards across the globe, it will remain difficult for service providers to properly police the content being uploaded and viewed by their users.

The post Deepfake pornography explosion appeared first on Panda Security Mediacenter.

Rewards For Justice (RFJ), a U.S. government interagency rewards program. Offers up to $10 million reward for any information that could lead to the identification or location of any person from the ALPHV cyber gang, also known as BlackCat, who attacks U.S. critical infrastructure.

The reward offered by the intelligence-driven law enforcement government program is similar to what the RFJ provides for information about high-profile Yemeni and Saudi terrorist elements and al-Qa’ida members.

Targeting critical infrastructure and the change healthcare attack

The U.S. government takes attacks on critical infrastructure very seriously. As such activities violate the Computer Fraud and Abuse Act (CFAA). RFJ’s sudden attention to the cyber gang is likely a response to the recent cyberattack on UnitedHealth’s sub-company Change Healthcare. Affiliates of the hacker organization stole approximately six terabytes of data during a security incident earlier this year.

Change Healthcare operates the largest financial and administrative information exchange in the United States and was hit by bad actors in February 2024. The attack was massive and disruptive, with some partner healthcare providers claiming to lose upwards of $100 million per day because of the breach. Even though many believe UnitedHealth paid a $22 million ransom to the hackers, the health insurance company is still dealing with the fallout after the attack and is working on processing over $14 billion in claims.

BlackCat: A RaaS gang behind major attacks

BlackCat, also known as ALPHV and Noberus, is a ransomware-as-a-service (RaaS) cyber gang. And it has been somehow connected to some of the most significant ransomware attacks over the last few years. The popular cyber gang provides its ransomware malicious code to affiliates, who then attack organizations for monetary gain. Affiliates of the popular cyber gang were behind the attack on Reddit and the breaches of MGM Resorts International and Caesars Entertainment.

In an eyebrow-raising twist, the affiliates responsible for the UnitedHealth heist might have been scammed out of the money themselves. As soon after BlackCat confirmed receipt of the $22 million ransom, decided to pull an exit scam and run away with the digital funds, as the group now displays a fake banner saying that the FBI and other criminal agencies have seized the server. Usually, after a victim pays a ransom, the BlackCat gang splits the money with the affiliates who executed the attack. But in this case, the BlackCat decided not to split the payment and move on with their lives. Essentially scamming the people who pulled out the heist.

Read also: FBI makes a move against ALPHV/Blackcat, the cybergang fights back

Unmasking BlackCat: RFJ seeks information

The location of the gang leaders and the affiliates associated with the attack remains unknown. U.S. government agencies hope that the $10 million reward offered by RFJ will help law enforcement agencies finally have a breakthrough on the criminal organization. Organization that has been torturing both government and private organizations in the U.S. and abroad for years.

The scope of the hacker organization’s attacks is so massive and sophisticated. Because of that, RFJ believes the RaaS organization is likely acting under the direction or control of a foreign government. However, the RFJ reward notice does not name specific countries that could be supporting the ALPHV BlackCat hacker group.

The post Rewards For Justice offers up to $10 million reward for info on ALPHV BlackCat hacker group leaders appeared first on Panda Security Mediacenter.

A new smart home security standard is due to launch in the second half of this year. That’s according to a recent announcement by the Connectivity Standards Alliance (CSA), the organization behind the cross-platform “Matter” smart home technology.

This new, voluntary framework will allow smart home/IoT manufacturers to have their devices tested and certified for compliance against a common security standard. Devices that pass the certification testing will then be awarded the Product Security Verified (PSV) Mark.

Building trust in IoT

Security professionals have been warning about the potential risks associated with insecure smart home devices for several years. Indeed, the Panda Security blog has covered the issue of weak smart home security several times in the past.

This announcement from the Connectivity Standards Alliance is welcome news. Although the standard remains voluntary, it shows a willingness from manufacturers to take the issue of household security seriously. It also means that consumers will find it much easier to choose products that have been certified as meeting a certain standard of security.

What does the new standard mean?

In the US, there is already a ‘Cyber Trust Mark’ security standard that manufacturers can apply for. The new PSV mark seeks to go further by taking the US guidelines and combining similar requirements from other countries, such as Singapore and Europe.

In this way the CSA hopes to deliver a single security specification that can be quickly adopted and endorsed by governments across the world. Should this happen, manufacturers will have to complete only one certification process to sell their devices into multiple markets.

Encouragingly, the PSV mark has already been recognized by the government of Singapore. And the CSA has also announced they are in talks with authorities in the USA, EU and UK about endorsing the mark. Some reports suggest that these agreements are already almost complete.

What does the PSV Mark require?

Most of the basic PSV certification requirements are sensible – and much needed. To earn the mark, certified devices must: 

• Have a unique identity for each IoT Device
• Not use hardcoded default passwords
• Ensure the device securely stores any sensitive data
• Security-relevant information communications must also secure/encrypt
• Throughout the support period, the provider must supply secure software updates
• Organizations must secure development processes against supply chain attacks, including vulnerability management
• Documentation regarding security and the manufacturer support period must be published publicly. 

Most reputable vendors should already adhere to most of these requirements. However, the PSV Mark enables consumers to know exactly what they are getting when buying a new smart device.

As vocal advocates of increased privacy and security, Panda Security welcomes the new PSV Mark and look forward to its imminent release.

The post A new smart home security standard is coming appeared first on Panda Security Mediacenter.

Red Hat has issued an “urgent security alert” warning of an attack detected in two versions of the popular XZ Utils data compression library (formerly known as LZMA Utils).

Attack details CVE-2024-3094

The attack, identified as CVE-2024-3094, has been given the highest possible CVSS score of 10.0. Indicating a threat of maximum severity. The Common Vulnerability Scoring System (CVSS) is used to assess the severity and security risk to the system using a scale of 0 to 10. The affected versions are 5.6.0 (released on February 24th) and 5.6.1 (released on March 9th) of XZ Utils.

Impact and recommended action

According to statements by the IBM subsidiary. The liblzma compilation process extracts a file of pre-compiled objects from a test file camouflaged in the source code. Thus allowing modification of specific functions in the liblzma code. This results in a modified library that can be used by any software linked to it. Making it easier to intercept and modify data interaction with that library.

Specifically, the malicious code seeks to interfere with the sshd daemon process for SSH (Secure Shell) through the systemd software suite. Potentially allowing an attacker to break sshd authentication and gain unauthorised access to the system remotely.

Origin and response

Microsoft security researcher Andres Freund has been credited with discovering and reporting the issue. The malicious code was introduced by a user named Jia Tan (JiaT75) in a series of inputs to the Tukaani project on GitHub. In response, GitHub has disabled the Tukaani Project’s XZ Utils repository due to a violation of its terms of service.

Although there are no reports of active exploitation in the wild. Fedora Linux 40 users are advised to upgrade to version 5.4 of XZ Utils. Other affected distributions include Arch Linux, Kali Linux, openSUSE Tumbleweed and MicroOS, as well as all versions of Debian categorised as test, unstable or experimental.

As a precaution, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert. Urging users to downgrade XZ Utils to a non-compromised version (e.g. XZ Utils 5.4.6 Stable).

This incident highlights the importance of security in the software supply chain and underscores the need for continued vigilance by the cyber security community.

Read also: LockBit Locked Down

The post Red Hat issues “urgent security alert” following attack on XZ Utils compression library appeared first on Panda Security Mediacenter.

You eagerly power up your computer, ready to dive into a day of productivity or leisure, only to be greeted by a digital nightmare: All your computer data is missing. Your system is infected with a mysterious and elusive intruder. This isn’t just any ordinary virus; it’s a cunning and adaptive foe known as a heuristic virus. 

Heuristic viruses pose a risk of data loss by infiltrating systems and potentially corrupting or deleting files. This can disrupt personal or business operations and lead to irreplaceable data loss. These viruses can also compromise the stability of your device, causing frequent crashes, slow performance and overall diminished functionality.

In this post, we’ll explore how heuristic viruses work, how to get rid of them and, most importantly, how to protect yourself from their tricky attacks.

Heuristic Virus vs. Heuristic Analysis

While the term “heuristic virus” can refer to the method by which malicious code is detected, it’s better suited to describe a specific virus, Heur.Invader — a malware designed to change system settings.

What Is a Heuristic Virus?

Heuristic virus — a term used to describe the virus Heur.Invader — is a type of computer virus that compromises your system’s settings, opening the door to other malware. It operates by adapting and attempting to evade detection by security measures through unpredictable tactics. 

A Trojan is a common type of heuristic virus that appears to be safe software but causes damage. 

These viruses mess with your device’s settings or code, which lets malware sneak in. Sometimes, cybercriminals use heuristic viruses to put spyware and other harmful software on your device to steal your private information.

What Is Heuristic Analysis?

Heuristic analysis is a technique employed by antivirus software to identify potential threats that were previously unknown. Instead of relying on a list of known threats, it looks for suspicious behavior. It’s a smart way for antivirus software to catch new, unknown viruses before they cause harm.

Heuristic-based analysis uses several techniques to analyze behaviors and threat levels, including:

• Dynamic scanning: Analyzes the behavior of a file in a simulated environment
• File analysis: Analyzes the intent, destination and purpose of a file
• Multicriteria analysis (MCA): Analyzes the weight of the potential threat

What Is Heuristic Scanning?

Heuristic scanning is a technique used within heuristic analysis to find source codes to detect unknown viruses by looking for suspicious behavior or patterns in files or programs. 

Adjusting the sensitivity level in heuristic scans determines how cautious the antivirus is about suspicious files. Higher sensitivity provides better protection but may flag more false positives. 

How to Get Rid of Heuristic Virus

Reliable antivirus software is the key to detecting and getting rid of any type of virus, including heuristic viruses. 

When removing the Heur.Invader virus, always boot the computer in safe mode. Doing so starts the computer only with the necessary drivers and services and won’t load the virus — which can disable antivirus software.

1. Boot the computer in safe mode.
2. Run your full antivirus software scan as normal.
3. Once the scan denotes malicious code, inspect the element manually for false positives.
4. Remove the malicious code.

How to Enable Safe Mode on Windows

To enable safe mode on your PC before beginning an antivirus scan, follow these steps:

1. Access startup options: When the sign-in screen appears, hold the Shift key and select Power, then click Restart.
2. Choose troubleshoot: Your PC should now know that you’re about to run an antivirus scan. You’ll see a prompt on the screen to “Choose an option.” Click Troubleshoot → Advanced Options → Startup Settings.
3. Restart again: Wait for the next window to load and click Restart.
4. Select safe mode: After a moment, you’ll see the startup options menu. Select number 4 or press F4 to enable safe mode.

How to Enable Safe Mode on Mac

To enable safe mode on your Mac before beginning an antivirus scan, follow these steps:

1. Shut down your Mac: Click on the Apple menu and select Shut Down.
2. Start your Mac in safe mode: Press the power button to turn on your Mac, then immediately press and hold the Shift key.
3. Release the Shift key: Release the Shift key when you see the Apple logo and progress bar.
4. Log in: Log in to your account once your Mac finishes booting up.
5. Your Mac is now in safe mode: Perform troubleshooting tasks or run antivirus scans with limited functionality and only essential processes running.

How to Prevent Heuristic Viruses

Heuristic viruses, known for their adaptability and evasive tactics, can wreak havoc on your digital life. Here are some tips to safeguard your devices from heuristic viruses:

Install Reliable Antivirus Software

Installing reputable antivirus software is your first line of defense against heuristic viruses. Choose a comprehensive security suite that offers real-time scanning, heuristic analysis and frequent updates. Regularly scan your system and keep your antivirus software up-to-date to ensure maximum protection against emerging threats.

Keep Software Updated

Regularly updating your operating system and software applications is crucial for staying ahead of heuristic viruses. Software updates often include security patches that fix vulnerabilities. Enable automatic updates whenever possible to ensure your system is always fortified against potential threats.

Be Cautious With Email

Heuristic viruses often spread through malicious email attachments or links. Exercise caution when opening emails from unknown senders or unexpected sources, and avoid clicking on suspicious links or downloading attachments from unfamiliar emails. Be wary of phishing attempts and verify the email’s authenticity before taking action.

Enable Firewall Protection

Enable the built-in firewall protection on your devices to create an additional barrier against heuristic viruses. Firewalls monitor incoming and outgoing network traffic, blocking unauthorized access and potentially harmful connections. Configure your firewall settings to restrict access to your system and enhance your overall cybersecurity posture.

Practice Safe Browsing

Heuristic viruses can exploit vulnerabilities in web browsers to infiltrate your system. Practice safe browsing habits by avoiding suspicious websites and not clicking on pop-up ads or unknown links. Be cautious when downloading files from the internet, and only visit reputable websites with secure HTTPS connections.

Create Strong Passwords

Strong passwords are essential for protecting your accounts from heuristic viruses and cyber threats. Use complex passwords that include a combination of uppercase and lowercase letters, numbers and special characters. Avoid using easily guessable passwords and never share your passwords with anyone.

Protecting your devices from heuristic viruses requires a proactive approach. By implementing reliable antivirus software, keeping software updated and practicing safe browsing habits, you can significantly reduce the risk of falling victim to these stealthy threats. Remember, staying vigilant and informed is key to maintaining a secure digital environment.

The post What Is a Heuristic Virus? + How to Remove It appeared first on Panda Security Mediacenter.

In today’s interconnected world, every click, swipe and share leave a trail of digital footprints behind. Your data is constantly collected, analyzed and sometimes exploited without your consent. As technology advances, so do the methods used to track and monetize your online activities. This is where the importance of data privacy comes into play.

What Is Data Privacy?

Data privacy refers to the protection of sensitive information from unauthorized access, use or disclosure. It encompasses the measures individuals and organizations take to control who has access to their data and how it is used.

Why Is Data Privacy Important?

The more you know about data privacy, the easier it is to:

• Protect your identity: Your personal information, such as your name, address and financial details, can be used by malicious actors to steal your identity, commit fraud or engage in other criminal activities.
• Preserve your reputation: Data breaches can expose sensitive information, leading to embarrassment, damage to your reputation or even legal consequences.
• Maintain control: By understanding and asserting your data privacy rights, you can maintain control over how your information is collected, shared and used by companies and organizations.
• Ensure trust: Whether you’re a consumer, employee or business owner, prioritizing data privacy fosters trust in your relationships with others, whether they be customers, partners or employees.

Download Our Free eBook

Ready to take control of your digital footprint? Our comprehensive ebook, “Data Privacy: A Guide for Individuals & Families” unpacks everything you need to know to safeguard your personal information online, from understanding privacy policies to defending your devices against hackers.

Our data privacy eBook covers:

• Data Privacy Basics
• Understanding Data Breaches
• Protecting Yourself and Your Information
• Data Privacy FAQ

Don’t let your valuable data fall into the wrong hands. Take the first step toward protecting your privacy today by downloading our eBook.

The post Data Privacy: A Guide for Individuals & Families appeared first on Panda Security Mediacenter.

Late last year, the Digital Services Act (DSA) came into force across the European Union. Initially the DSA applied only to the very largest online services like Facebook and Google, forcing them to institute safeguards against malicious content and several other important factors.

However, as of February, the DSA now applies to any online service that is used by EU citizens. Under the legislation providers must:

• Describe their content moderation practices in their terms and conditions and publish annual transparency reports on content moderation practices.
• Clearly identify online advertising including the advertiser and sponsor.
• Not deliver targeted advertising by profiling children or based on special categories of personal data such as ethnicity, political views or sexual orientation.
• Not use certain nudging techniques or deceiving practices that impair a user’s ability to make free choices on how they interact with a platform.
• Provide information about how their recommendation systems work when displaying targeted information to users.
• Provide information about the traders offering goods or services via online marketplaces that they operate.

Every company?

Yes. If a company offers digital services to EU citizens, they must adhere to these new rules. They are expected to set up complaints procedures and define how disputes will be resolved out-of-court. They must also cooperate with trusted flaggers (appointed by the governments of EU member states), take measures against abusive notices, deal with complaints and check the credentials of third-party suppliers. Failure to meet DSA obligations could see companies fined as much as 6% of their worldwide annual turnover.

Only the smallest companies are exempt from the Digital Services Act – those employing fewer than 50 persons and whose annual turnover and/or annual balance sheet total does not exceed €10 million.

What does this mean for users?

Since the DSA came into force, you may have noticed a number of apps and websites are asking you to confirm updated terms of service. Others, particularly Facebook, are prompting users to accept (or reject) personalized ads on their timelines.

Although a little annoying, these pop-ups offer a rare opportunity to regain some control over your privacy and personal data. If you are concerned about either, you should use this opportunity to ‘opt out’ of the data collection routines employed by big tech companies.

Two other things to note

There are two other important DSA issues to note. First, any company serving EU citizens must abide by the act, even if they are not based in the European Union.

Second, any businesses will make changes to their systems that apply EU rules to all users. However, non-EU citizens may not be able to make use of some of the additional features, such as dispute resolution mechanisms.

As things stand, DSA roll-out remains quite slow. And many EU members states are not yet ready to assume their responsibilities under the Act. Which means that we will see many more changes in the near future.

Read also: European cybersecurity that protects the world

The post The Internet just changed – did you notice? appeared first on Panda Security Mediacenter.