On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
Some writers (not from my great state of Rhode Island) act like Rhode Island has been behind the times when it comes to data privacy and security when discussing Rhode Island’s new privacy law. I feel a need to explain that...more
7/12/2024
/ Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Notification Requirements ,
Personal Data ,
Privacy Policy ,
Rhode Island ,
State Privacy Laws
Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all...more
TeamViewer, which provides remote connectivity products and services, announced that it detected a cybersecurity event on its internal IT system on June 26, 2024. TeamViewer stated that it did not affect the TeamViewer...more
I always watch what the federal government requires of its employees’ use of technology to get a feel for risks and what is coming down the pike from a regulatory standpoint—this has been going on for years. That’s why I was...more
TikTok has reported that it is responding to a cyber attack targeting a limited number of known brands and celebrity accounts. The BBC has identified that Paris Hilton’s account as being targeted, but TikTok says it was not...more
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC...more
5/28/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Failure to Notify ,
Financial Markets ,
Hackers ,
Information Technology ,
NYSE ,
Securities and Exchange Commission (SEC) ,
Settlement
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross...more
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently issued helpful guidance for entities that have limited resources to address cyber threats. The guidance, entitled “Mitigating Cyber Threats...more
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/13/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Snapchat ,
Surveillance ,
TikTok
CYBERSECURITY -
New Threat: Scattered Spider International Coalition of Hackers -
Cyber adversaries in China and Russia continue to be a formidable threat to U.S. based companies. In the past, scams might be detected...more
Darktrace researchers have outlined a particularly scary scenario of how threat actors are bypassing MFA and using artificial intelligence to launch sophisticated phishing attacks against users....more
CYBERSECURITY -
Patch, Patch, Patch: Updates for Fortinet, Microsoft, and Adobe Products -
Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky....more
CYBERSECURITY -
HC3 Warns Healthcare Organizations about Akira Ransomware Group -
The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that...more
2/21/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Ransomware ,
Scams ,
USPTO ,
Vulnerability Assessments
CYBERSECURITY -
Ransomware Hitting U.S. Companies at Increasing Rate -
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022....more
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022. They found that threat actors are using multi-extortion tactics to get paid...more
2/8/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
CYBERSECURITY CISOs:
New Report Outlines Risks of LLMs -
I hang out with a lot of Chief Information Security Officers (CISOs), so this piece is for them. Of course, it will be of interest to all security professionals...more
2/2/2024
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Mercedes-Benz ,
Risk Management ,
Vulnerability Assessments
On January 29, 2024, the Italian Data Protection Authority (Garante) notified OpenAI of breaches of data protection laws involving its ChatGPT platform....more
2/2/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Italy ,
Personal Data ,
Statutory Violations
CYBERSECURITY -
Mozilla Releases Security Updates for Thunderbird and Firefox -
Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity &...more
1/31/2024
/ Baby Boomers ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Drones ,
Generation Z ,
Location Data ,
Personally Identifiable Information ,
Vulnerability Assessments
CYBERSECURITY-
Mozilla Releases Security Updates for Thunderbird and Firefox -
Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity &...more
1/26/2024
/ California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
FBI ,
Federal Trade Commission (FTC) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Location Data ,
Mozilla ,
Network Security ,
Vulnerability Assessments
OK boomers—instead of being on the end of an “OK boomer” comment, now you have some ammunition. Boomers have been reported to be less of a cybersecurity vulnerability to the workforce than Gen Z. An article by Karina Zapata...more
CYBERSECURITY -
SEC’s Hacked X Account Leads to Tumultuous Bitcoin Market -
The Securities and Exchange Commission has confirmed that its X account “was compromised, and an unauthorized post was posted.” The SEC...more
1/12/2024
/ 23andMe ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Genetic Materials ,
Hackers ,
Information Governance ,
Personally Identifiable Information ,
Securities and Exchange Commission (SEC) ,
State Data Privacy Laws ,
Twitter
We previously alerted readers to the fact that the most recent data compromise of 23andMe exposed data related to Ashkenazi Jews and individuals of Chinese descent. It is reported by Ars Technica, citing TechCrunch, that...more
1/12/2024
/ 23andMe ,
Cyber Attacks ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
DNA ,
Genetic Materials ,
Genetic Testing ,
Human Genes ,
Life Sciences ,
Personally Identifiable Information ,
Pharmaceutical Industry
The Securities and Exchange Commission has confirmed that its X account “was compromised, and an unauthorized post was posted.” The SEC confirmed that it “has not approved the listing and trading of spot bitcoin...more
1/12/2024
/ Bitcoin ,
Cryptocurrency ,
Data Breach ,
Digital Currency ,
EFTs ,
Embedded Tweets ,
Exchange-Traded Products ,
Financial Instruments ,
Financial Markets ,
Securities and Exchange Commission (SEC) ,
Twitter
On December 8, 2023, New York Attorney General Leticia James penned her approval to an Assurance of Discontinuance with third party dental administrator Healthplex, settling the enforcement action for $400,000 and a litany of...more