DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more
Citing the “alarming growth” of cyberattacks in recent years, the U.S. Department of Health and Human Services (“HHS”) has issued a Notice of Proposed Rulemaking to modify the Health Insurance Portability and Accountability...more
CYBERSECURITY - Patch, Patch, Patch: Updates for Fortinet, Microsoft, and Adobe Products - Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky....more
CYBERSECURITY - HC3 Warns Healthcare Organizations about Akira Ransomware Group - The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that...more
In one of the most clear-eyed and sobering assessments of the cyberthreat China poses to our nation’s critical infrastructure, the country’s foremost cybersecurity leaders recently testified that the Chinese Communist Party...more
CYBERSECURITY CISOs: New Report Outlines Risks of LLMs - I hang out with a lot of Chief Information Security Officers (CISOs), so this piece is for them. Of course, it will be of interest to all security professionals...more
CYBERSECURITY - Mozilla Releases Security Updates for Thunderbird and Firefox - Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity &...more
CYBERSECURITY - Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP - Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023,...more
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
CYBERSECURITY - Joint Advisory on MOVEit Transfer Vulnerability Published - CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The...more
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
CYBERSECURITY - World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak - Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although...more
CYBERSECURITY - FBI Issues Notice to Health Industry Highlighting Risks of Unpatched Medical Devices - The FBI issued a Private Industry Notification targeted to the health care sector on September 12, 2022, warning...more
CYBERSECURITY - CISA/FBI Advisory Warns of Destructive Malware Used Against Ukraine - The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations of...more
CYBERSECURITY - ECRI Names Cybersecurity Attacks as Top Health Technology Hazard for 2022 - ECRI has been publishing its annual report of health technology hazards for the past 15 years. According to ECRI’s Device...more
CYBERSECURITY - FTC Warns Companies of Enforcement for Failing to Patch Log4j Vulnerability - In what I would describe as an unusual but interesting move by the Federal Trade Commission (FTC), on January 4, 2022, it...more
CYBERSECURITY - Update on Apache log4j and Kronos Security Incidents - It was a crazy weekend for cyber-attacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and...more
CYBERSECURITY - FBI Warning: M&A Activity Targeted by Ransomware Groups - The FBI issued a Private Industry Notification on November 2, 2021, warning companies that “ransomware actors are very likely using significant...more
CYBERSECURITY - Cyber Criminals Focusing on Clinics + Business Associates - As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient...more
CYBERSECURITY - CISA Issues Alert on Top Exploited Vulnerabilities - On July 28, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) issued a cybersecurity alert entitled “Top Routinely Exploited...more
CYBERSECURITY - Microsoft Issues Emergency Software Update for PrintNightmare Zero Day Vulnerability - Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT) Coordination Center...more
The rapid expansion of data security and privacy laws and regulations — both in the United States and internationally — harbors the potential for substantial liability, with the consequence that cyber compliance has become an...more
CYBERSECURITY - Connecticut Insurance Department Reminds Licensees to Comply with Data Security Law - On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut...more