Aristotelis Tzafalias

@aristot73@infosec.exchange
78 Followers
249 Following
349 Posts

New blogpost regarding EU policy initiatives concerning lawful interception:

https://www.cert.at/en/blog/2025/7/encryption-vs-lawful-interception-eu-policy-news

CERT.at Encryption vs. Lawful Interception: EU policy news

⚠️ WATCH OUT! European Commission's questionnaire for public consultation on #DataRetention has some really tricky and misguiding questions! ⚠️

But don't worry - we'll be publishing an answering guide in early August to help you understand the questions and avoid the traps. Well in time for the September 12 deadline! 😌

Stay tuned for the guide! 🗺️

The European Commission (EC) is looking for independent experts to evaluate funding applications for programs like Horizon Europe.
The EC wants a diverse pool of experts & is therefore inviting people to register as an expert. An expert is anyone with experience and knowledge in a specific field. On June 19 the EC hosted a webinar explaining what experts do & what you can expect when you register.
Here is a link to the webinar recording and general info and docs.
https://ec.europa.eu/research/participants/docs/h2020-funding-guide/other/event250619.htm

It is ridiculously hot in Europe, unbearably so, and yet we are building systems which are needlessly complex and power-hungry.

Something is very wrong with us.

At least 66 children dead of malnutrition in Gaza amid Israel’s war

UNICEF says the number of malnourished children in the Gaza Strip is rising at an ‘alarming rate’.

Al Jazeera

The European Commission is putting together an "Expert Group for a Technology Roadmap on Encryption": https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

The group will include 12 members plus one member of ENISA (Cybersecurity Agency), EUROPOL (Police) and EDPS (Data protection Supervisor).

"The group shall be co-chaired by a representative of DG CNECT and a representative of DG HOME"

Applications are open until September 1st.

RE: https://infosec.exchange/@aristot73/114756135579776190

#EUGoingDark #encryption #privacy

The NLnet Foundation has announced a new list of 62 projects receiving funding through the Next Generation Internet (NGI) Zero Commons Fund: open hardware security key Nitrokey, open hardware microscope OpenFlexure... https://nlnet.nl/news/2025/20250624-announcement-grants-CommonsFund.html
NLnet; 62 new projects contribute to digital commons

Report from Unwanted Witness.

‘Surveillance/Spyware: An Impediment to Civil Society, HRDs and Journalists in East
& Southern Africa’

https://www.unwantedwitness.org/wp-content/uploads/2025/06/Report-06.06.2025-FINAL.pdf

European Commission- Call for applications - Expert Group for a Technology Roadmap on Encryption (E04005) ACTIVE - deadline 1 September 2025.
#dataretention #lawfulinterception #digitalforensics #encryption

"The selection shall prioritise experts with technical profiles, coming from either public or private sector, whilst aiming to ensure proportional representation across the following fields of expertise: • Home affairs, ideally with an experience in fighting high-tech crime, and/or a background in the area of decryption and artifact extraction, computer forensics, network forensics, smartphone forensics, cloud forensics, IoT forensics, memory forensics and/or lawful interception; • Cybersecurity. with diverse backgrounds including but not limited to vulnerability management, evaluation of cybersecurity risks and certification and encryption (including quantum and post-quantum cryptography); • Telecommunication, including with experience in computer networks/Internet, 5G/6G, IoT, VoIP, Satellite, Quantum communication and/or encrypted communication applications; • Big data analysis, including with expertise in AI technologies; • Standardisation, notably in relation with cybersecurity and/or telecommunication technologies, including protocol networks, exchanges of digital data, and lawful interception; • Justice and fundamental rights, including experience in data protection and privacy, as well as experience in criminal justice, such as cyber-enabled and/or cyber-dependent crimes"

https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

×

Curious about the Chinese vulnerability database? It's now included on https://vulnerability-lookup.org!
Big thanks to @rafi0t for the awesome work and the clever LookyLoo import!

🔗 https://vulnerability.circl.lu/recent#cnvd

#vulnerability #vulnerabilitymanagement #threatintel #cybersecurity #china

@adulau Getting the CNVD DB was a fun task: there is a list of XML weekly dumps we can get from the official website, but it is only accessible once logged in. This list of links doesn't require to be logged in *but* you need to pass a JS challenge[1]. Which is a annoying when you don't want to manually download 540+ files. The solution was to send these URLs to Lookyloo[2] and get the downloaded file[3].

[1] https://www.daehee.com/blog/scrape-cnvd-jsl-clearance-s/
[2] https://lookyloo.circl.lu/capture
[3] https://helga.circl.lu/vulnerability-lookup/CNVD-Dump/src/branch/main/cnvd_dump/cnvd_downloader.py#L35

Bypassing __jsl_clearance_s Cookie To Scrape CNVDs | Daehee Park