According to research by Palo Alto’s Unit 42, the most recent campaign by advanced persistent threat Cloaked Ursa (aka APT 20, Nobelium, or Cozy Bear), “demonstrate[s] sophistication and the ability to rapidly integrate...more
Online mortgage lender Lending Tree sent breach notification letters to affected individuals on June 29, 2022. The letter advises those persons that their name, social security number...more
CYBERSECURITY -
Joint Advisory Warns of MedusaLocker Ransomware -
A recently-issued joint advisory by the FBI, the Cybersecurity and Infrastructure Security Agency, the Financial Crimes Enforcement Network, and the...more
A recently-issued joint advisory by the FBI, the Cybersecurity and Infrastructure Security Agency, the Financial Crimes Enforcement Network, and the Treasury Department warns that MedusaLocker ransomware “targets...more
CYBERSECURITY -
Karakurt Extortion Group Auctions Data for Ransom -
On June 2, 2022, CISA (the Cybersecurity and Infrastructure Security Agency), the FBI, the Department of the Treasury and the Financial Crimes...more
A joint advisory issued June 7, 2022, by the Cybersecurity & Infrastructure Security Agency, FBI and the National Security Agency entitled “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and...more
6/9/2022
/ China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
National Security Agency (NSA) ,
Network Security ,
Popular ,
Vulnerability Assessments
CYBERSECURITY -
Verizon’s 2022 Data Breach Investigations Report: A Must Read -
I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. (Just...more
6/3/2022
/ California Privacy Rights Act (CPRA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Personally Identifiable Information ,
Popular ,
Regulatory Reform ,
Vulnerability Assessments
I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. Just goes to show how long I have been working on data breaches. It is always written in...more
6/2/2022
/ Botnets ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Phishing Scams ,
Popular ,
Vulnerability Assessments
I am not a huge fan of using chatbots, as I never end up getting my questions fully answered. I get the efficiency of using a chatbot for simple questions, but my questions are usually not so easily resolved, so I end up...more
The Chicago Public Schools system is in the process of notifying students, families and some current and former employees that their personal information was compromised as a result of a ransomware attack against a technology...more
CNBC surveys over 2,000 small businesses each quarter to get their thoughts on the overall business environment and their small business’ health. According to the latest CNBC/SurveyMonkey Small Business Survey, despite...more
5/27/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Military Conflict ,
Popular ,
Russia ,
Small Business ,
Ukraine ,
Vulnerability Assessments
CYBERSECURITY NIST -
Releases Guidance on Supply Chain Security -
The National Institute of Standards and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain...more
5/13/2022
/ American Civil Liberties Union (ACLU) ,
Clearview AI ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
New Guidance ,
New Legislation ,
NIST ,
Personal Data ,
Popular ,
Privacy Laws ,
Ransomware ,
Supply Chain
Connecticut Governor Ned Lamont signed the Personal Data Privacy and Online Monitoring Act (CPDPA) into law on May 10, 2022, making Connecticut the most recent state to pass its own privacy law in the absence of comprehensive...more
5/13/2022
/ Connecticut ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Governance ,
Information Technology ,
New Legislation ,
Personal Data ,
Regulatory Reform ,
State Privacy Laws
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...more
5/12/2022
/ Biden Administration ,
China ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Information Technology ,
New Guidance ,
NIST ,
Popular ,
Risk Management ,
Russia ,
Software ,
Supply Chain ,
Vulnerability Assessments
CYBERSECURITY -
Education Sector Continues to Get Hit with Ransomware Attacks -
According to Emsisoft, the education sector continues to experience ransomware attacks, with a whopping 1,043 schools affected by ransomware...more
5/6/2022
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Mobile Apps ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Vulnerability Assessments
According to Emsisoft, the education sector continues to experience ransomware attacks, with a whopping 1,043 schools affected by ransomware in 2021. This statistic breaks down to 62 school districts and 26 colleges and...more
CYBERSECURITY -
State Department Offers $10M Reward for Information on Russian Officers Involved in Malicious Cyber Activities -
The U.S. Department of State has announced a $10 million reward for “information leading to...more
I traveled this week by plane to a client to conduct a cybersecurity tabletop exercise—one of my favorite things to do (the tabletop, not the flying). -
To be able to use the wi-fi, everyone instructed in the gate area was...more
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations...more
The U.S. Department of State has announced a $10 million reward for “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government,...more
4/28/2022
/ Computer Fraud and Abuse Act (CFAA) ,
Criminal Conspiracy ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Guidance ,
Malware ,
Rewards ,
Russia ,
US Department of State
CYBERSECURITY -
Intelligence Points to Likely Russian Attacks on Critical Infrastructure -
The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the...more
4/22/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Hackers ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Russia ,
Scams ,
Ukraine
The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) on April 20, 2022, “to warn...more
4/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Military Conflict ,
Regulatory Agencies ,
Risk Management ,
Russia ,
Ukraine ,
Vulnerability Assessments
CYBERSECURITY -
DOJ Takes Down RaidForums' Website -
In an action against what has been described as one of the largest hacker forums in the world, the U.S. Department of Justice (DOJ) announced on April 12, 2022, that...more
4/15/2022
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Network Security ,
Personal Data ,
Popular ,
Scams
Microsoft released its monthly patches this week to fix 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe. One of the vulnerabilities (CVE-2022-24521 Windows Common...more
CYBERSECURITY -
State Department Establishes Bureau of Cyberspace and Digital Policy -
The Department of State’s new Bureau of Cyberspace and Digital Policy (CDP) commenced operations on April 4, 2022. According to an...more
4/8/2022
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Enforcement Actions ,
Information Governance ,
Information Technology ,
Personal Data ,
Popular ,
Scams