Jim Garland, Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022…
Category: Commentaries and Analyses
Correction
On September 20, DataBreaches published a post about an alleged hack of Ask.FM data from what was described as a March 2020 hack. Ask.FM had not replied to this site’s inquiries by the time of publication. Ask.FM replied today and reminded me that they had addressed this same claimed hack in December 2021 when this…
Bjorka, the Online Hacker Trying To Take Down the Indonesian Government
Aisyah Llewellyn reports: The first that Indonesia heard about the hacker now known as Bjorka came when news broke at the beginning of September of a massive data leak. Some 1.3 billion SIM card registration details were stolen and listed for sale on a dark web online marketplace. The data was harvested in part as…
Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund
Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms, and Jonathan M. Weiss of Proskauer write: …. Cyberattacks, by their very nature, know no borders and nor therefore should a private fund’s response. The first of this two-part series considers immediate incident response steps and analyses whether to pay a ransom, from U.S.,…
Morgan Stanley to pay $35 million fee for ‘astonishing’ customer data disposal practices
Jonathan Greig reports: Morgan Stanley will pay a $35 million penalty to settle charges from the U.S. Securities and Exchange Commission for wide-ranging failures around properly disposing of hard drives and servers containing the personal information of some 15 million customers. The company did not respond to requests for comment, but the SEC said in…
LockBit ransomware builder leaked online by “angry developer”
Lawrence Abrams reports: The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang’s newest encryptor. In June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. […] Regardless of how the private ransomware builder was leaked, this…