As you read the following press release, note that they do not tell us when they first discovered that there might have been a security breach or incident. Nor do they tell us how they first discovered it. And what’s with this “out of an abundance of caution” claim? If you can’t figure out what…
Category: Commentaries and Analyses
CISA Alert (AA22-040A): 2021 Trends Show Increased Globalized Threat of Ransomware
Summary In 2021, cybersecurity authorities in the United States,[1][2][3] Australia,[4] and the United Kingdom[5] observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S….
Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
Michael J. Waters and Colin H. Black of Polsinelli write: Tech Transactions & Data Privacy 2022 Report Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data…
NIST Publishes Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products
Micaela McMurrough, Ashden Fein, and Matthew Harden of Covington and Burling write: On February 4, 2022, the National Institute of Standards and Technology (“NIST”) published its Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products (“IoT Criteria”). The IoT Criteria make recommendations for cybersecurity labeling for consumer IoT products, in other words, for IoT…
Microsoft plans to kill malware delivery via Office macros
If you use Word and always feel concerned when you “enable macros” because of the risk of malware, here’s some good news. Sergiu Gatlan reports: Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular…
Indicators of Compromise Associated with LockBit 2.0 Ransomware and Additional Mitigations
On February 4, the FBI issued a Flash Alert: Indicators of Compromise Associated with LockBit 2.0 Ransomware Today, HHS’s Cybersecurity Program issued its companion HC3 alert. It says, in part: Impact to HPH Sector Although the LockBit 2.0 cybercrime gang claims to not attack healthcare organizations, all ransomware continues to act as a major cyber…