Rachel V. Rose, Ted Dziekanowski, and Andy Watkin-Child report: The US Securities and Exchange Commission released its final rule, effective Sept. 5, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure. Investors, registrants, and other market participants should take special notice of two key terms in the regulations: “materiality” and the “reasonable investor.” The SEC…
FBI Identifies Cryptocurrency Funds Stolen by DPRK
[Press Release] The FBI is warning cryptocurrency companies of recent blockchain activity connected to the theft of hundreds of millions of dollars in cryptocurrency. Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the…
University of Minnesota investigating potential data breach
Dana Thiede reports: The University of Minnesota confirms that it has contacted law enforcement and is investigating a claimed data breach that officials became aware of just a month ago. U of M spokesman Jake Ricker released a statement to KARE 11 saying on July 21 school administrators became aware that an “unauthorized party” claimed…
New Chrome Feature Alerts Users About Malicious Extensions
Alessandro Mascellino reports: Google has announced an update set to be introduced in Chrome 117. This new feature aims to proactively inform users when an extension they have installed is no longer available on the Chrome Web Store. The move comes as part of the tech giant’s ongoing commitment to enhance security measures within its…
Health Data Breach Lawsuits Surge as Cyberattacks Keep Climbing
Skye Witley and Christopher Brown report: Companies handling health data are fending off more cyberattacks each year, and those that do get hacked are facing costly litigation at rapidly rising rates, a Bloomberg Law analysis found. The monthly average of new class actions filed over health data breaches so far this year is nearly double…
A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China
Andy Greenberg reports: Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software…