DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
On July 20, 2025, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) issued urgent warnings about new, actively exploited vulnerabilities in Microsoft SharePoint Server. These vulnerabilities, known as...
In the continuously evolving landscape of cyber threats, organizations must be proactive in identifying and mitigating potential risks to their digital assets and operations. A critical step in building cyber resilience is...
To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a cybersecurity advisory warning organizations about the Phobos ransomware, and...
Strategies for Mitigating Unseen Threats and Managing 4th- and Nth-Party Risk in Your Modern Business. Organizations today have transitioned from using on-site server rooms to relying on third-party services and cloud...
On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on...
The International Committee of the Red Cross (ICRC) has taken a new step to regulate the activities of civilian hackers in conflict zones. To address the rise in the involvement of civilian hackers in inter-state conflicts,...
Key Points: Illumina DNA sequencing machines are vulnerable to exploitation. Both the Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have published advisories urging all...
In its continued effort to keep industry apprised of threats facing companies in the U.S., CISA recently issued a Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities that is helpful to get up to speed on top...
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...
EPA Aims to Mitigate Risk of Cyberattack on Public Water Systems - On March 3, 2023, the U.S. Environmental Protection Agency (EPA) issued its Memorandum Addressing Public Water System (PWS) Cybersecurity in Sanitary Surveys or...
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although...
The modern security ecosystem is diverse and ever-changing, a place where cyber risk is top of mind for leaders at all levels, and threats to information / data security and privacy evolve at the speed of the technical...
As the 118th Congress prepares to take office, those who may be targets of a new congressional agenda emphasizing government investigations should assess and address their vulnerabilities. Top industry targets for...
Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’...
Why are you operating your physical security program? What threats are you trying to protect against? What specific risks to your organization and enterprise are you trying to mitigate? If you cannot quickly and...
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...
Researchers from the Mozilla Foundation reviewed the privacy policies of 32 mental health apps ranging from guided meditation to telehealth counseling services and flagged 28 of them as having “Privacy Not Included.” In...
We have previously alerted you to vishing and smishing schemes. A new scheme, using QR codes, is called QRishing or quishing. According to security company Abnormal, between September 15 and October 13, 2021, it identified a...
The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency recently issued two joint alerts to critical infrastructure entities—one addressing BlackMatter...
The US Department of Justice (DOJ) now has more ammunition and resources than ever to use data analytics in their investigations. The convergence of better technology, increasingly usable data sets, and the ripe combination...
Companies face increasingly tough decision points in preparing for and responding to the proliferation of ransomware attacks. Our Privacy, Cyber & Data Strategy Group outlines seven issues for general counsel to consider as...
The rapid expansion of data security and privacy laws and regulations — both in the United States and internationally — harbors the potential for substantial liability, with the consequence that cyber compliance has become an...
Learning Objectives: - Learn what triggers a prescriber audit, define “best practice” and discuss state opioid prescribing requirements - Discuss how to effectively respond to a government inquiry/investigation:...
Stichting Internet Domeinregistratie Nederland or SIDN, the Registry operator of the country code Top Level Domain (ccTLD) .NL (the Netherlands) appears to be increasing its efforts in its fight against cybercrime....
Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion - Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in...