In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this...more
11/6/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Failure To Disclose ,
Information Technology ,
Investment Fraud ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
SolarWinds
According to a press release, Personal Touch, a home health company located on Long Island, has reached a settlement with New York Attorney General Letitia James for $350,000 for a data breach that occurred in January of 2021...more
Resilience issued its Midyear 2023 Claims Report, which is well worth the read.
In addition to commenting on the impact of the MOVEit incident, some of the key findings include...more
The Cybersecurity & Infrastructure Security Agency, FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.
According to the Alert, “this critical vulnerability...more
10/23/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Ransomware ,
Vulnerability Assessments
On October 12, 2023, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert to the healthcare industry about a “new threat actor and ransomware,” NoEscape, which is threatening health care organizations....more
10/23/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Malware ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical...more
10/13/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2 (all editions) that is worth reading and applying, particularly if you use Windows Copilot....more
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch...more
9/22/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the...more
9/8/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Care Providers ,
Healthcare ,
Information Technology ,
Patient Privacy Rights ,
Ransomware ,
The Joint Commission
State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact...more
8/25/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Information Technology ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
State Privacy Laws
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and exploits surrounding” Industrial Control Systems (ICS)....more
In its continued effort to keep industry apprised of threats facing companies in the U.S., CISA recently issued a Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities that is helpful to get up to speed on top...more
CYBERSECURITY -
SEC Adopts New Cybersecurity Rules for Public Companies -
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public...more
7/28/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Machine Learning ,
Securities and Exchange Commission (SEC)
On Monday, July 24, 2023, Apple issued a security update to address vulnerabilities that have been linked to a spyware campaign. iOS 16.6 fixes 25 iPhone security flaws, several of which are being exploited by threat actors...more
7/28/2023
/ Apple ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Information Technology ,
iPhone ,
Mobile Devices ,
Network Security ,
Operating System Developers ,
Risk Management ,
Vulnerability Assessments
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
7/10/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Information Technology ,
Risk Mitigation ,
Vulnerability Assessments
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection...more
6/16/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell...more
5/19/2023
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
Threat actors never cease to find innovative ways to extort their victims. If only threat actors would use their creativity for good causes....more
Not a moment goes by without receiving a new alert of some sort about artificial intelligence (AI). The proliferation of articles and comments about AI is astounding. It is a hot topic to say the least....more
Researchers at WithSecure cybersecurity firm have seen two malware attacks against Veeam Backup and Replication servers believed to be initiated by cybercrime group FIN7, also known as Carbon Spider, which has also been...more
5/4/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Malware ,
Ransomware ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing...more
3/30/2023
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Security ,
Information Technology ,
Ransomware ,
Russia ,
Vulnerability Assessments
The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a joint cybersecurity advisory, warning organizations about indicators of compromise, and tactics, techniques, and...more
3/24/2023
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Joint Statements ,
Popular ,
Ransomware ,
Threat Management ,
Vulnerability Assessments
CYBERSECURITY -
World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak -
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
2/9/2023
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Popular ,
Social Engineering ,
Vulnerability Assessments
The Federal Communications Commission (FCC) will categorically ban devices over national security concerns for the first time in history. Per a new order, the FCC will prohibit the import and sale of devices produced by...more
12/9/2022
/ China ,
FCC ,
Foreign Policy ,
Huawei ,
Information Technology ,
National Security ,
Prohibited Transactions ,
Supply Chain ,
Telecommunications ,
TikTok ,
ZTE
Palo Alto’s Unit 42 recently issued a threat assessment alert outlining a new phishing scam that is unique and successful. The scam is believed to be carried out by the Luna Moth/Silent Ransom Group and is targeting...more