Header image

Maine Enacts NAIC-Inspired Cybersecurity Law

Posted on by Dissent

Heather McArn,  Bryant Roby Jr. and Judith Selby of Hinshaw write: Maine has become the latest state to adopt a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. Signed into law on March 17, 2021, the Maine Insurance Data Security Act establishes investigation procedures, data security program standards, and notification requirements for persons…

Read more

In Memoriam, Kurt Wimmer

Posted on by Dissent

One of the most important contributors to this blog will be laid to rest this morning, and I am absolutely gutted. For more than one decade, Kurt Wimmer was this blog and this blogger’s First Amendment defender and counsel. It was only with Kurt’s pro bono help and that of Jason Criss, and their colleagues…

Read more

Cyber Breach Disclosures Still Take More Than a Month

Posted on by Dissent

Vincent Ryan reports: After being discovered, cybersecurity breaches are not consistently disclosed promptly, found an Audit Analytics study of public companies released on Friday. On average, publicly held companies took 53 days to disclose a breach incident after discovering it. The 53-day average disclosure timeframe is less than the 10-year average of 67 days, but…

Read more

Attackers deliver legal threats, IcedID malware via contact form

Posted on by Dissent

Sergiu Gatlan reports: … IcedID is a modular banking trojan first spotted in 2017 and updated to also deploy second-stage malware payloads, including Trickbot, Qakbot, and Ryuk ransomware. Recently detected by the Microsoft 365 Defender Threat Intelligence Team, this phishing campaign seems to have found a way to bypass contact forms’ CAPTCHA protection to flood enterprises with a barrage…

Read more