It is scary to think of cyber warfare and how it may affect us. But the reality is there, and we should be prepared. I was chatting with a colleague this morning who asked for the top two things to do to prepare for a massive...more
CYBERSECURITY -
Joint Advisory Warns of Snatch Ransomware -
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of...more
VMware provides multi-cloud services, products, and solutions for its customers, including VMware Tools. On September 1, 2023, VMware released a security update for a vulnerability in VMware Tools. According to the...more
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than...more
9/7/2023
/ Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Elder Issues ,
Federal Trade Commission (FTC) ,
Risk Management ,
Scams
CYBERSECURITY -
Joint Commission Issues Alert on Patient Safety After a Cyber-Attack -
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,”...more
CYBERSECURITY -
CISA Issues Four More Industrial Control Systems Advisories -
On August 22, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued four more advisories related to industrial control...more
8/25/2023
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Governance ,
Machine Learning ,
Personal Data ,
Vulnerability Assessments
State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact...more
8/25/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Information Technology ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
State Privacy Laws
CYBERSECURITY -
CISA Issues Two Industrial Control Systems Advisories -
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and...more
8/21/2023
/ California Privacy Protection Agency (CPPA) ,
Connected Cars ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
QR Codes ,
Regulatory Agenda ,
Vulnerability Assessments
CYBERSECURITY -
SEC Adopts New Cybersecurity Rules for Public Companies -
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public...more
7/28/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Machine Learning ,
Securities and Exchange Commission (SEC)
Amid growing concern of the use of AI tools, Congressional questioning and hearings, and the lack of regulation around its use, at least seven technology firms have signed on to follow voluntary commitments to oversee how AI...more
CYBERSECURITY -
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP -
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023,...more
7/24/2023
/ Adobe ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Drones ,
EU ,
Hackers ,
Machine Learning ,
Vulnerability Assessments
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
7/10/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Information Technology ,
Risk Mitigation ,
Vulnerability Assessments
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or...more
7/10/2023
/ Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Nevada ,
New Legislation ,
Personal Data ,
State Data Privacy Laws
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies...more
BNSF Railway, previously hit with a $228 million jury award for violating the Illinois Biometric Information Privacy Act (BIPA) when collecting fingerprints of employees, was recently awarded a new trial to determine damages....more
7/10/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
BNSF Railway ,
Calculation of Damages ,
Damages ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
New Trial ,
Personal Data ,
Personally Identifiable Information
CYBERSECURITY -
Joint Advisory on MOVEit Transfer Vulnerability Published -
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The...more
Montana Governor Greg Gianforte has signed SB 351, the Genetic Information Privacy Act (GINA), which “requires an entity to provide consumer information regarding the collection, use, and disclosure of genetic data; providing...more
EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people....more
Tennessee, Montana, Iowa, and Indiana have each recently passed a consumer privacy statute in recent weeks. These laws follow the same trend started by California’s Consumer Privacy Act by granting consumers the right to know...more
Researchers at Meta, the owner of Facebook released a report this week that indicated that, since March 2023, Meta “has blocked and shared with our industry peers more than 1,000 malicious links from being shared across our...more
CYBERSECURITY -
FDD Suggests Space Systems be Designated as Critical Infrastructure -
The Foundation for Defense of Democracies (FDD) issued a Report late last week entitled Time to Designate Space Systems as Critical...more
Many companies are exploring the use of generative artificial intelligence technology (“AI”) in day-to-day operations. Some companies prohibit the use of AI until they get their heads around the risks. Others are allowing the...more
CYBERSECURITY -
Clop Claims Zero-Day Attacks Against 130 Organizations -
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in...more
3/31/2023
/ Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Hackers ,
Ransomware ,
Russia
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
3/24/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
TikTok ,
Vulnerability Assessments
CYBERSECURITY -
World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak -
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
2/9/2023
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Popular ,
Social Engineering ,
Vulnerability Assessments