Information technology professionals—beware of SharpRhino—a malware variant attributed to threat actor cybercriminals associated with Hunters International. It is being reported that Hunters International is the “10th most...more
On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the...more
8/9/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Bias ,
Colorado ,
Discrimination ,
Machine Learning ,
Risk Assessment ,
Risk Mitigation ,
Risk-Based Approaches ,
State Legislatures
On August 1, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) announced the appointment of its first CISA Chief Artificial Intelligence Officer. The appointee, Lisa Einstein, served as CISA’s Senior Advisor...more
HealthEquity, an administrator of workplace benefits for more than 15 million people, is notifying 4.3 million individuals, starting on August 9, 2024, that their personal information was compromised. The compromised data...more
Anecdotally, we know that cybercriminals hailing from Russia are a significant risk to U.S.-based and world companies and governmental entities. With two convicted Russian cybercriminals being released this week in the...more
It is heartwarming that 16 prisoners, including innocent ex-Marine Paul Whelan and Wall Street Journal reporter Evan Gershkovich, have been freed from their wrongful imprisonment in Russia in exchange for 24 convicted Russian...more
The city of Columbus, Ohio, announced on May 29, 2024, that it was forced to take its systems offline due to a ransomware attack. According to its notice, the attack was perpetrated by “an established, sophisticated threat...more
It is sometimes hard to identify a scam, especially when it involves payment with a check. We are all wary of promises to pay electronically and to provide our bank account numbers for direct access to our bank account (well,...more
On July 10, 2024, the U.S. District Court for the Eastern District of Wisconsin granted plaintiffs’ Motion for Final Approval of a $12.2 million proposed settlement by Advocate Aurora Health to settle allegations against the...more
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that in the second quarter of...more
7/25/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Microsoft ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage...more
7/25/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Infrastructure ,
Internet ,
Phishing Scams ,
Risk Management ,
Websites
Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals.
According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by...more
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
Some writers (not from my great state of Rhode Island) act like Rhode Island has been behind the times when it comes to data privacy and security when discussing Rhode Island’s new privacy law. I feel a need to explain that...more
7/12/2024
/ Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Notification Requirements ,
Personal Data ,
Privacy Policy ,
Rhode Island ,
State Privacy Laws
Security research firm Halcyon recently reported that it “encountered” a new ransomware organization dubbed Volcano Demon several times in the past few weeks....more
Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all...more
July is Military Consumer Month. This month, we celebrate democracy and the past service of our veterans and those presently in service for protecting us and our democracy. Thank you so very much....more
The Health Sector Cybersecurity Coordination Center (HC3) provides timely updates to the health care sector on cybersecurity threats and mitigation. In the last several weeks, HC3 has issued two alerts worth paying close...more
TeamViewer, which provides remote connectivity products and services, announced that it detected a cybersecurity event on its internal IT system on June 26, 2024. TeamViewer stated that it did not affect the TeamViewer...more
In the Biden Administration’s continuing effort to reduce the risk of cybersecurity spyware from foreign adversaries, including Russia, the United States Department of Commerce (Commerce) issued a final rule (Rule) on June...more
I always watch what the federal government requires of its employees’ use of technology to get a feel for risks and what is coming down the pike from a regulatory standpoint—this has been going on for years. That’s why I was...more
It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March....more
Impersonation schemes are on the rise, and artificial intelligence (including deep fakes and voice cloning) will only make these schemes more difficult to detect.
Threat actors are emboldened, evidenced by the fact that...more
TikTok has reported that it is responding to a cyber attack targeting a limited number of known brands and celebrity accounts. The BBC has identified that Paris Hilton’s account as being targeted, but TikTok says it was not...more
On June 2, 2024, cloud service provider Snowflake reported increased cyber threat activity targeting some of its customer’s accounts. Snowflake recommended that customers review unusual activity to detect and prevent...more