According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
7/10/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Information Technology ,
Risk Mitigation ,
Vulnerability Assessments
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or...more
7/10/2023
/ Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Nevada ,
New Legislation ,
Personal Data ,
State Data Privacy Laws
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies...more
CYBERSECURITY -
Joint Advisory on MOVEit Transfer Vulnerability Published -
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The...more
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection...more
6/16/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people....more
Tennessee, Montana, Iowa, and Indiana have each recently passed a consumer privacy statute in recent weeks. These laws follow the same trend started by California’s Consumer Privacy Act by granting consumers the right to know...more
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell...more
5/19/2023
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
While recently speaking at a conference hosted by Vanderbilt University, Jen Easterly, the Director of the Cybersecurity Infrastructure Security Agency (CISA) urged the development of regulations around the use of artificial...more
OpenAI, the developer of ChatGPT, has stated that it suffered a potential data breach in ChatGPT’s source code due to a vulnerability in the software. OpenAI “took ChatGPT offline…due to a bug in an open-source library which...more
Slow down when adopting and using Artificial Technology tools (AI). There are a number of issues that have been presented in literature regarding the use of AI tools, one of which centers around ethical concerns....more
CYBERSECURITY -
FDD Suggests Space Systems be Designated as Critical Infrastructure -
The Foundation for Defense of Democracies (FDD) issued a Report late last week entitled Time to Designate Space Systems as Critical...more
CYBERSECURITY -
Clop Claims Zero-Day Attacks Against 130 Organizations -
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in...more
3/31/2023
/ Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Hackers ,
Ransomware ,
Russia
As artificial intelligence, also known as “AI” becomes more of a household word, it is worth pointing out not only how cool it can be, but also how some uses raise privacy concerns....more
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the...more
3/30/2023
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Legal Representatives ,
New York ,
PHI ,
State Attorneys General
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing...more
3/30/2023
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Security ,
Information Technology ,
Ransomware ,
Russia ,
Vulnerability Assessments
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
3/24/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
TikTok ,
Vulnerability Assessments
The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a joint cybersecurity advisory, warning organizations about indicators of compromise, and tactics, techniques, and...more
3/24/2023
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Joint Statements ,
Popular ,
Ransomware ,
Threat Management ,
Vulnerability Assessments
CYBERSECURITY -
World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak -
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
2/9/2023
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Popular ,
Social Engineering ,
Vulnerability Assessments
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although...more
2/3/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Risk Mitigation ,
Vulnerability Assessments ,
World Economic Forum
CYBERSECURITY -
Chick-Fil-A Sued for Sharing Data through Meta Pixel -
While plaintiffs’ attorneys were initially focused late last year on suing health care entities for using Pixel and other tracking technology to share...more
1/27/2023
/ California Privacy Rights Act (CPRA) ,
Chick-Fil-A ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Data-Sharing ,
Fast-Food Industry ,
Popular ,
Scams ,
Statutory Violations ,
T-Mobile ,
Web Tracking
While plaintiffs’ attorneys were initially focused late last year on suing health care entities for using Pixel and other tracking technology to share information about website users with social media platforms such as Meta...more
1/27/2023
/ Chick-Fil-A ,
Class Action ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Facebook ,
Fast-Food Industry ,
Statutory Violations ,
Targeted Digital Advertising ,
Tracking Systems ,
Video Privacy Protection Act ,
Web Tracking
On January 22, 2023, T-Mobile was sued in federal court in California alleging negligence, unjust enrichment, breach of express contract, breach of implied contract, and invasion of privacy over the recently-disclosed data...more
1/26/2023
/ Breach of Implied Contract ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
Express Contract Terms ,
Invasion of Privacy ,
Negligence ,
Personally Identifiable Information ,
T-Mobile ,
Telecommunications ,
Unjust Enrichment ,
Wireless Industry
CYBERSECURITY -
235 Million Twitter User Email Addresses Posted on Hacking Forum -
Israeli cybersecurity firm Hudson Rock has reported that the email addresses of more than 235 million Twitter users have been stolen and...more
Colorado Attorney General Phil Weiser’s office recently published an updated version of the draft rules governing the Colorado Privacy Act, which goes into effect on July 1, 2023. The updates build upon the original draft...more