A Microsoft blog post reported that incident response researchers uncovered a remote access trojan in November 2024 (dubbed StilachiRAT) that “demonstrates sophisticated techniques to evade detection, persist in the target...more
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Tuesday, March 11, 2025, that the Multi-State Information Sharing and Analysis Center (MS-ISAC) will lose its federal funding and cooperative agreement...more
3/13/2025
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Funding ,
Government Agencies ,
Information Sharing ,
Infrastructure ,
National Security ,
Risk Management ,
State and Local Government
Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more
CrowdStrike recently published its 2025 Global Threat Report, which among other conclusions, emphasized that social engineering tactics aimed to steal credentials grew an astounding 442% in the second half of 2024....more
According to a new LayerX report, most users are logging into GenAI tools through personal accounts that are not supported or tracked by an organization’s single sign on policy. These logins to AI SaaS applications are...more
3/6/2025
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Machine Learning ,
Privacy Policy ,
Risk Management ,
Risk Mitigation ,
SaaS ,
Software
In another “hard lesson learned” case, on Monday, February 24, 2025, a federal district court sanctioned three lawyers from the national law firm Morgan & Morgan for citing artificial intelligence (AI)-generated fake cases in...more
The Trump administration has systematically fired federal privacy- and security-focused employees since taking office.
Three members of the bipartisan, independent agency, the Privacy and Civil Liberties Oversight Board...more
2/28/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Government Efficiency (DOGE) ,
Employees ,
FOIA ,
Government Agencies ,
Office of Personnel Management (OPM) ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Risk Management ,
Trump Administration ,
Veterans
The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center released an advisory on February 19, 2025, providing information on Ghost...more
If you are a GrubHub customer, read carefully. The app has confirmed a security incident involving a third-party vendor that allowed an unauthorized threat actor to access user contact information, including some customer...more
Soon after the Chinese generative artificial intelligence (AI) company DeepSeek emerged to compete with ChatGPT and Gemini, it was forced offline when “large-scale malicious attacks” targeted its servers. Speculation points...more
2/7/2025
/ Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Machine Learning ,
National Security ,
Privacy Laws ,
Risk Management
Last year, the Illinois Judicial Conference Task Force on Artificial Intelligence (IJC) was created to develop recommendations for how the Illinois Judicial Branch should regulate and use artificial intelligence (AI) in the...more
1/31/2025
/ Artificial Intelligence ,
Data Privacy ,
Equal Protection ,
Illinois ,
Judges ,
Legal Technology ,
Machine Learning ,
Regulatory Agenda ,
Risk Management ,
Rules of Professional Conduct ,
State and Local Government
On January 22, 2025, the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) issued a joint advisory related to previous vulnerabilities in the Ivanti Cloud Service Appliance,...more
Well, it was good while it lasted. Former President Biden issued an Executive Order (EO) in October 2023 designed to start the discussion and development of guardrails around using artificial intelligence (AI) in the United...more
CyberArk, an identity security provider, has issued a new report on employee risk that is a must-read for IT Professionals and executives. The report highlights several findings that are directly related to the risks...more
Scammers prey on us when we are most vulnerable. Although some of us are early holiday shoppers, others wait until the last minute to complete their holiday shopping....more
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang...more
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the...more
10/24/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Care Providers ,
Healthcare ,
Microsoft ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
Scammers are always looking for new ways to dupe victims. If you battle your weight, you think about it a lot and are always looking for easier ways to lose some pounds. There is no easy way, but we are always looking for an...more
10/24/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Healthcare ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams ,
Prescription Drugs ,
Risk Management ,
Weight-Loss Products
On October 16, 2024, the New York Department of Financial Services (DFS) issued an Industry Letter to regulated entities entitled “Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related...more
Unfortunately, when natural disasters hit innocent victims and good-natured people want to help those in need, scammers swoop in to manipulate the bleak situation to commit fraud or price gouging.
Following Hurricanes...more
The National Institute of Standards and Technology (NIST) has issued helpful recommendations for consumers to consider when securing home routers. The publication, issued on September 10, 2024, emphasizes how important it is...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3) issued a joint alert on August 28, 2024, warning U.S.-based...more
We have previously suggested that conducting cybersecurity tabletop exercises are an important part of testing your incident response program and response to different scenarios....more
Everyone thinks they can spot a phishing email. If true, we would not see so many security incidents, data breaches, and ransomware attacks. The statistics are overwhelming that phishing emails are a significant cause of data...more
8/22/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Innovative Technology ,
Machine Learning ,
Personally Identifiable Information ,
Phishing Scams ,
Risk Management ,
Threat Management
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that in the second quarter of...more
7/25/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Microsoft ,
Ransomware ,
Risk Management ,
Vulnerability Assessments