CISA Alert of March 29, 2024: CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems….
Category: Of Note
CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemaking (“Proposed Rule”) related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was released on the Federal Register website. …
Utah Enacts Amendments to State Breach Notification Law
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq) and the Utah Technology Governance Act in the Utah Government Operations Code (§63A-16-1101 et seq). The Utah Technology Governance…
Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations. OFAC is also designating Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ,for…
“Lifelock” pleads guilty to hacking and fraud charges
Earlier today, Robert A. Purbeck of Idaho, aka “Lifelock” and “Studmaster,” pleaded guilty in an Atlanta federal courtroom to two counts of an 11-count indictment filed against him in 2021. The two counts charged violation of Title 18, United States Code/ Sections 1030(a)(2)(C)/ 1030(c)(2)(B)(i) and 1030(c)(2)(B)(iii) and Section 2, more commonly known as the Computer…
The 2024 Breach Barometer reports a staggering 171 million patient records breached. And that’s just the ones we know about.
Each year, many news sites add up the number of reports on HHS’s public breach tool and then add up the number of records reported for those incidents. For 2023, that came to 725 reports and about 135 million records. Those numbers are disturbing, but not as disturbing as the numbers out today by Protenus….