CYBERSECURITY
HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks -
The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing...more
4/12/2024
/ California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Information Technology ,
Risk Management
The recent increase in smishing and vishing schemes is prompting me to remind readers of schemes designed to trick users into providing credentials to perpetrate fraud. We have previously written on phishing, smishing,...more
This week is National Consumer Protection Week. Based on the recent statistics published by the FTC on online, digital, and voice scamming, consumers sorely need more help protecting themselves from scams....more
In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt...more
The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated...more
The Federal Trade Commission (FTC) keeps track of scams that are reported to it and summarizes those scams in a report outlining the most successful scams of the prior year....more
Most organizations and online platforms use multifactor authentication (MFA) (also called two-factor authentication) to confirm that the user is an authorized individual and not a scammer or fraudster. We have all been...more
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022. They found that threat actors are using multi-extortion tactics to get paid...more
2/8/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
CYBERSECURITY CISOs:
New Report Outlines Risks of LLMs -
I hang out with a lot of Chief Information Security Officers (CISOs), so this piece is for them. Of course, it will be of interest to all security professionals...more
2/2/2024
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Mercedes-Benz ,
Risk Management ,
Vulnerability Assessments
OK boomers—instead of being on the end of an “OK boomer” comment, now you have some ammunition. Boomers have been reported to be less of a cybersecurity vulnerability to the workforce than Gen Z. An article by Karina Zapata...more
There was a big win for the good guys against the bad guys this week. On December 13, 2023, after obtaining an order from the federal court in the Southern District of New York to seize U.S. based infrastructure and take...more
The Office of the Controller of the Currency (OCC) issues a semiannual risk perspective report that “addresses key issues facing banks, focusing on those that pose threats to the safety and soundness of banks and their...more
Resilience issued its Midyear 2023 Claims Report, which is well worth the read.
In addition to commenting on the impact of the MOVEit incident, some of the key findings include...more
On October 12, 2023, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert to the healthcare industry about a “new threat actor and ransomware,” NoEscape, which is threatening health care organizations....more
10/23/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Malware ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
I was preparing to teach my next privacy law class on the subject matter of online privacy, when I discovered a good article (though in full disclosure, it is an ad) on protecting your privacy and personal information online....more
We have posted blogs before on sharing genetic information and the risk associated with the disclosure of such sensitive information.
Unfortunately, our concerns have been realized....more
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical...more
10/13/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA and the National Cybersecurity Alliance will “focus on ways to “Secure Our...more
We have been keeping a keen eye on the explosion of the use of artificial intelligence (AI) tools and generative AI. We are assisting clients with Governance Programs to formulate a process to evaluate the use of AI in their...more
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch...more
9/22/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
It is scary to think of cyber warfare and how it may affect us. But the reality is there, and we should be prepared. I was chatting with a colleague this morning who asked for the top two things to do to prepare for a massive...more
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than...more
9/7/2023
/ Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Elder Issues ,
Federal Trade Commission (FTC) ,
Risk Management ,
Scams
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and exploits surrounding” Industrial Control Systems (ICS)....more
I hate to say, “I told you so,” but I did. I have repeatedly warned against scanning QR codes. Following the pandemic and scanning QR codes at restaurants, people have become very comfortable with scanning QR codes, don’t...more
On Monday, July 24, 2023, Apple issued a security update to address vulnerabilities that have been linked to a spyware campaign. iOS 16.6 fixes 25 iPhone security flaws, several of which are being exploited by threat actors...more
7/28/2023
/ Apple ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Information Technology ,
iPhone ,
Mobile Devices ,
Network Security ,
Operating System Developers ,
Risk Management ,
Vulnerability Assessments