This week, Schneider Electric confirmed that it is investigating a security incident involving its JIRA internal development platform. The attacker group, “Grep,” allege that it stole 40 GB of data from the JIRA platform by...more
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware...more
11/1/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
North Korea ,
Personally Identifiable Information ,
Ransomware ,
Vulnerability Assessments
Connecticut Attorney General William Tong announced on October 21, 2024, that his office has settled a data breach case against Guardian Analytics, Inc. for $500,000. The data breach affected the personal information of...more
10/25/2024
/ Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Incident Response Plans ,
Personally Identifiable Information ,
Risk Assessment ,
Settlement
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the...more
10/24/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Care Providers ,
Healthcare ,
Microsoft ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
Scammers are always looking for new ways to dupe victims. If you battle your weight, you think about it a lot and are always looking for easier ways to lose some pounds. There is no easy way, but we are always looking for an...more
10/24/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Healthcare ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams ,
Prescription Drugs ,
Risk Management ,
Weight-Loss Products
On October 16, 2024, the New York Department of Financial Services (DFS) issued an Industry Letter to regulated entities entitled “Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related...more
A new report published by the software company Egress this month, Phishing Threat Trends Report, is a must-read. It outlines the proliferation of phishing toolkits on the dark web (that basically allows any Tom, Dick, and...more
The State of California, under the leadership of Governor Gavin Newsom, has taken the lead of its sister states in mobilizing resources to investigate the risks of the use of generative artificial intelligence (GenAI) tools...more
October is always a busy month for cybersecurity professionals. For the past 21 years, October has been an especially busy month for me as it is Cybersecurity Awareness Month. This means lots of employee education and...more
Everyone thinks they can spot a phishing email. If true, we would not see so many security incidents, data breaches, and ransomware attacks. The statistics are overwhelming that phishing emails are a significant cause of data...more
8/22/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Innovative Technology ,
Machine Learning ,
Personally Identifiable Information ,
Phishing Scams ,
Risk Management ,
Threat Management
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that in the second quarter of...more
7/25/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Microsoft ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage...more
7/25/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Infrastructure ,
Internet ,
Phishing Scams ,
Risk Management ,
Websites
Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals.
According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by...more
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
Some writers (not from my great state of Rhode Island) act like Rhode Island has been behind the times when it comes to data privacy and security when discussing Rhode Island’s new privacy law. I feel a need to explain that...more
7/12/2024
/ Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Notification Requirements ,
Personal Data ,
Privacy Policy ,
Rhode Island ,
State Privacy Laws
Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all...more
July is Military Consumer Month. This month, we celebrate democracy and the past service of our veterans and those presently in service for protecting us and our democracy. Thank you so very much....more
The Health Sector Cybersecurity Coordination Center (HC3) provides timely updates to the health care sector on cybersecurity threats and mitigation. In the last several weeks, HC3 has issued two alerts worth paying close...more
TeamViewer, which provides remote connectivity products and services, announced that it detected a cybersecurity event on its internal IT system on June 26, 2024. TeamViewer stated that it did not affect the TeamViewer...more
It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March....more
Since I hang out with a lot of CISOs, and understand their pain points, I urge readers to send a “thank you” and “you are the best” message to their CISO. You can’t imagine the pressure and stress they are under to try to...more
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC...more
5/28/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Failure to Notify ,
Financial Markets ,
Hackers ,
Information Technology ,
NYSE ,
Securities and Exchange Commission (SEC) ,
Settlement
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross...more
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently issued helpful guidance for entities that have limited resources to address cyber threats. The guidance, entitled “Mitigating Cyber Threats...more
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/13/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Snapchat ,
Surveillance ,
TikTok