LATEST POST
Hackers leveraging AI: vulnerability for law firms
Don Nokes of NetCenergy, an outsourced IT service provider, explains the emerging threat and provides this example: Once the bad actors learn (possibly from first hacking a firm’s email) that a financial transaction is taking place, they send an AI-generated voice message to confirm where to send the funds. The fund transferer hears the familiar […]
Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach
Several days ago, The Data Breach Times noted an article expressing concern about cybersecurity in India. That article, which referenced data from a study by Check Point, also noted that one of the main sectors being attacked during the past six months was healthcare. Data leaks due to misconfigured storage devices also continue to pose […]
Ex-NSA techie pleads guilty to selling state secrets to Russia
Disgruntled former employees and other malicious insiders are a major source of data breaches and data loss. The Register reports on an insider threat that could have had serious consequences for national security: A former US National Security Agency techie has plead guilty to six counts of violating the Espionage Act after being caught handing […]
Changes to Notification and Security Requirements Continue at the Federal Level
In October 2023, Perkins & Coie published an update to existing federal breach notification laws. They write: Following last year’s passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) (rulemaking for which should formally commence in 2024), the major action on the federal front this year came from the SEC, which formalized disclosure […]
Updates to state laws on security requirements
In October 2023, Perkins & Coie published an update to state laws for data security requirements: In addition to revisions to breach notification statutes, states are making a variety of changes to substantive data security obligations. Changes applicable to private companies include: For details on the above, see the Perkins & Coie article on their […]
Changes to Breach Notification Requirements Continue at State Level
In October 2023, Perkins Coie published an update to existing state breach notification laws. Pennsylvania The first major update to Pennsylvania’s Breach of Personal Information Notification Act was passed earlier this year. The updates include a range of changes consistent with those adopted in other states in the last several years, so these updates are unlikely […]
Okta’s latest hack fallout hits Cloudflare, 1Password
TechCrunch reports: Network and security giant Cloudflare and password manager maker 1Password said hackers briefly targeted their systems following a recent breach of Okta’s support unit. Both Cloudflare and 1Password said their recent intrusions were linked to the Okta breach, but that the incidents did not affect their customer systems or user data. “We immediately terminated […]
Phishing Guidance: Stopping the Attack Cycle at Phase One
Posted by CISA.gov, this guidance also has tips for small and medium businesses: This guide was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for […]