Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
22 articles found · #soc
Instructure/Canvas: 275M users at risk — 24/7 SOC to meet NIS2 Art. 23
ShinyHunters breached Instructure/Canvas, threatening up to 275M records. How a managed SOC/SIEM enables 24h qualification and ILR notification under NIS2 Art. 23.
FlowerStorm (KrakVM) evades email filters and the NIS 2 stakes
The FlowerStorm phishing kit runs obfuscated JavaScript in KrakVM to intercept MFA. Here is how an email gateway, DMARC/SPF/DKIM, and a 24/7 SOC help meet NIS 2 in Luxembourg.
Okta/SSO hit by vishing: how FIDO2 blocks MFA bypass
In January 2026, Okta/Entra accounts were breached via vishing and AiTM proxies capturing OTP/push in real time. Phishing-resistant FIDO2/WebAuthn meets GDPR Article 32 requirements.
CNIL vs Free/Free Mobile (€42M): a 24/7 SOC is now essential under NIS 2
Following the €42M fine against Free/Free Mobile, weak VPN auth and failed detection show why a 24/7 SOC is critical for GDPR and NIS 2 (24-hour alert).
Foxconn hit by Nitrogen: 8 TB stolen, plants slowed — SOC/NIS 2 in 24h
Ransomware group “Nitrogen” claims 8 TB and 11M+ files stolen at Foxconn, disrupting North American plants. In Europe, a managed SOC/SIEM is key to detect fast and notify the ILR within 24h (NIS 2, Art. 23).
FICOBA: 1.2M accounts exposed — IAM and least privilege
A compromised high-privilege account enabled access to ~1.2M FICOBA records. What happened and how least-privilege IAM addresses GDPR Art. 25 and NIS 2 Art. 21 requirements.
CNIL vs Free: €42M — why a 24/7 SOC is vital to meet NIS 2 Art. 23
After the €42M fine against Free/Free Mobile, slow detection proves costly. Under NIS 2 Art. 23, detecting and notifying within 24 hours is now an operational obligation in Luxembourg.
NIS 2 audit: method, pitfalls and quality criteria for measures
7-phase NIS 2 audit method, the 5 most common pitfalls, and the 6-criteria grid to distinguish a real SOC from a marketing product. For the 1,200+ Luxembourg entities concerned.
EDR/XDR: Continuous detection aligned with NIS 2 (Art. 21) and DORA (Art. 10)
Executives must demonstrate continuous and effective incident detection. A well‑deployed EDR/XDR stack meets NIS 2 Art. 21 and DORA Art. 10 requirements with auditable technical evidence.
TLPT (threat‑led red team): meeting DORA Articles 26‑27
DORA requires selected financial entities to run threat‑led penetration tests on production systems. This is how a structured TLPT implementation fulfils Articles 26‑27, step by step.