Returning to Work with Secure Systems
Following the update to the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) Enforcement and Penalty Guidelines, the Committee has continued to signal its intention to more heavily leverage...more
The proposed rule requires contractors to make annual affirmations regarding their cybersecurity maturity, thus increasing their risk of False Claims Act Liability. The proposed rule allows for limited use of Plans of...more
On December 26, 2023, the US Department of Defense (DoD) published its long-awaited proposed rule codifying the Cybersecurity Maturity Model Certification (CMMC) Program. The proposed CMMC rule will apply to all DoD...more
Anti-Cheat, Code-Signed Driver Abused to Bypass Privileges and Deploy Ransomware - Trend Micro researchers observed a ransomware infection in late July 2022 that involved a code-signed driver called "mhyprot2.sys", which...more
With cybersecurity legislation and regulation sweeping the country in response to a series of high-profile hacking and ransomware attacks, it was little surprise that cybersecurity was a topic at the recently concluded...more
The New York State Department of Financial Services (DFS) issued a letter to the cyber insurance community on February 4, 2021 that should signal a warning to many other businesses seeking to obtain or keep their...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
Earlier this month, it was reported that the National Security Agency (NSA) discovered a serious security flaw in Microsoft Windows 10 cryptographic functionality, CVE-2020-0601.That security flaw could render trust...more
Cybersecurity continues to be an imperative for the protection of the Department of Defense (DoD) and its contractors' supply chain. On June 19, 2019, the National Institute of Standards and Technology (NIST) issued two draft...more
Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence...more
Almost all parties are required to exchange personal data as part of a merger and acquisition transaction. With data breaches on the rise, any buyer in a M&A transaction cannot afford to ignore privacy and data security...more
The Office of Inspector General for the Fed and CFPB has completed a report setting forth its findings from an audit in which it evaluated “selected security controls for protecting the [CFPB’s] consumerfinance.gov website...more
On February 16, 2016, California Attorney General Kamala Harris released guidance defining the minimum level of data security measures organizations should enact to comply with state laws governing the protection of personal...more
On February 25, 2016, the Office of the California Attorney General released its 2016 California Data Breach Report, which contains a compilation and analysis of the information provided to the Attorney General pursuant to...more
Recently, the Mortgage Bankers Association released “The Basic Components of an Information Security Program,” for small and medium size companies in the mortgage industry that may not have the resources to stay well-informed...more
Elaine M. Howle, the California State Auditor (“CSA”), released a report on August 25, 2015 on the results of her office’s audit of controls in the state’s information systems. The results of the audit generally were grim,...more
On August 11, 2015, the Office of Management and Budget (“OMB”) released a draft policy memo entitled “Improving Cybersecurity Protections in Federal Acquisitions.” The purpose of the memo is to provide federal agencies with...more