On December 15, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Secure by Design Alert and guidance on “How Manufacturers Can Protect Customers by Eliminating Default Passwords.”...more
We previously wrote about how toys, baby monitors, and other smart devices collect, use, and disclose personal information about children, and risks to children’s privacy. As adults responsible for the safety of children in...more
There was a big win for the good guys against the bad guys this week. On December 13, 2023, after obtaining an order from the federal court in the Southern District of New York to seize U.S. based infrastructure and take...more
On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on...more
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24...more
11/17/2023
/ Cybersecurity ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New York ,
Patient Privacy Rights ,
PHI ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
Boeing has confirmed that its parts and distribution site has been attacked by LockBit ransomware, which is believed to be Russian based. Boeing has said that the attack has not affected flight safety. Boeing is investigating...more
Let us take time this week to thank current members of the military and all veterans for their service in protecting our country and democracy. As the daughter of a veteran, I am profoundly grateful to all of our service...more
CYBERSECURITY -
Hackers Steal $4.4M Crypto Using Data Linked to LastPass Breach -
According to Bleeping Computer, crypto fraud researchers at ZachXBT, and MetaMask developer Taylor Monahan have reported that on October 25,...more
11/8/2023
/ Artificial Intelligence ,
Biden Administration ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
SolarWinds
CYBERSECURITY -
Hackers Steal $4.4M Crypto Using Data Linked to LastPass Breach -
According to Bleeping Computer, crypto fraud researchers at ZachXBT, and MetaMask developer Taylor Monahan have reported that on October 25,...more
11/7/2023
/ Artificial Intelligence ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Drones ,
Hackers ,
Imports ,
Popular ,
Ransomware ,
SolarWinds
In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this...more
11/6/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Failure To Disclose ,
Information Technology ,
Investment Fraud ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
SolarWinds
Resilience issued its Midyear 2023 Claims Report, which is well worth the read.
In addition to commenting on the impact of the MOVEit incident, some of the key findings include...more
The Cybersecurity & Infrastructure Security Agency, FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.
According to the Alert, “this critical vulnerability...more
10/23/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Ransomware ,
Vulnerability Assessments
CYBERSECURITY -
CISA Launches Cybersecurity -
Public Awareness Campaign To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA and...more
10/16/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Electronic Protected Health Information (ePHI) ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical...more
10/13/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The information you provide to your tax preparer is as sensitive as it gets. The assumption is that the tax preparation company is only using your data to prepare your taxes. In an enforcement action against Beneficial Corp.,...more
CYBERSECURITY -
CISA Launches Cybersecurity Public Awareness Campaign -
To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA...more
To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA and the National Cybersecurity Alliance will “focus on ways to “Secure Our...more
There is a lot of chatter out there around the uses of artificial intelligence (AI) for cybersecurity. For example, Applied Sciences published a paper on how AI can be used for mobile malware detection, and Gartner has...more
Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years attacked U.S. based companies as well as the governments of the U.S. and Japan....more
On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2 (all editions) that is worth reading and applying, particularly if you use Windows Copilot....more
CYBERSECURITY -
High Alert: China Linked BlackTech Hides in Router Firmware -
Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years...more
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch...more
9/22/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
It is scary to think of cyber warfare and how it may affect us. But the reality is there, and we should be prepared. I was chatting with a colleague this morning who asked for the top two things to do to prepare for a massive...more
CYBERSECURITY -
Joint Advisory Warns of Snatch Ransomware -
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of...more
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the...more
9/8/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Care Providers ,
Healthcare ,
Information Technology ,
Patient Privacy Rights ,
Ransomware ,
The Joint Commission