Despite bipartisan support for banning TikTok – essentially spyware presenting a national security threat from the People’s Republic of China (PRC) – in the United States (as done by India) and the Supreme Court’s upholding...more
1/24/2025
/ China ,
Data Privacy ,
Executive Orders ,
Free Speech ,
Mobile Apps ,
National Security ,
Privacy Laws ,
SCOTUS ,
Sensitive Personal Information ,
Social Media ,
Spyware ,
TikTok ,
Trump Administration
Well, it was good while it lasted. Former President Biden issued an Executive Order (EO) in October 2023 designed to start the discussion and development of guardrails around using artificial intelligence (AI) in the United...more
This week, I received a fake text message (a smish) saying my E-ZPass account was overdue and that I urgently needed to pay it. That’s a new one and, apparently, quite effective. Luckily, I knew it was a scam, but others were...more
CyberArk, an identity security provider, has issued a new report on employee risk that is a must-read for IT Professionals and executives. The report highlights several findings that are directly related to the risks...more
American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26,...more
We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states....more
Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this...more
The United States Supreme Court announced on December 18, 2024, that it will hear the TikTok ban case and has scheduled oral arguments to be held on January 10, 2025, before the ban’s effective date of January 19, 2025....more
Scammers prey on us when we are most vulnerable. Although some of us are early holiday shoppers, others wait until the last minute to complete their holiday shopping....more
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang...more
I often get asked whether law enforcement is making any headway in catching cybercriminals. Although it is a challenging task, a recent example of a big win for law enforcement deserves celebration....more
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more
12/12/2024
/ Data Breach ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HIPAA Violations ,
OCR ,
PHI ,
Right of Access ,
Settlement
My home state of Rhode Island may be the smallest in the union, but it has taken on a significant initiative to implement the Protective Domain Name Service (PDNS) in all 64 public school districts. PDNS, an initiative...more
The Federal Trade Commission (FTC) has been on a mission to get the message across that it is serious about companies collecting, using, and selling sensitive location data of consumers and that it is closely watching these...more
I have commented before that I do not enable location-based services unless I use an app that requires it, like a ride-sharing app or directions. One of the reasons is to prevent data brokers and others from using precise...more
According to statements by the Cybersecurity and Infrastructure Security Agency (CISA), the People’s Republic of China-backed (PRC) hacking group Salt Typhoon, which attacked telecommunications providers last month, is still...more
The Town of Enfield, New Hampshire, appears to have been the victim of a man-in-the-middle scheme involving the transfer of $742,000 to a fraudulent bank account. The town is constructing a new $7.2 million public safety...more
The U.S.-China Economic and Security Review Commission, released its annual report to Congress this month. The 793-page report responds to the Commission’s mandate to “monitor, investigate, and report to Congress on the...more
The Federal Trade Commission provides consumers with tips and advice, including online privacy. Its Scam Alerts are helpful and timely....more
DocuSign is a great and efficient way to obtain authentic signatures for contracts and invoices. As with other efficient tools, threat actors will and have found a way to use the DocuSign API to send fake invoices to divert...more
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with its security partners in Australia, Canada, New Zealand, and the...more
I admit that when I am looking online for restaurants, consumer products, and places to stay, I generally look at reviews and they influence my decision. However, there have been numerous reports that reviews are often fake...more
The city of Columbus, Ohio, announced on May 29, 2024, that it was forced to take its systems offline due to a ransomware attack. According to its notice, the attack was perpetrated by “an established, sophisticated threat...more
This week, Schneider Electric confirmed that it is investigating a security incident involving its JIRA internal development platform. The attacker group, “Grep,” allege that it stole 40 GB of data from the JIRA platform by...more
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware...more
11/1/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
North Korea ,
Personally Identifiable Information ,
Ransomware ,
Vulnerability Assessments