Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years attacked U.S. based companies as well as the governments of the U.S. and Japan. According to a Joint Advisory published on September 27, 2023, by the National Security Agency

Linn Foster Freedman
Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.
AI and Cybersecurity
There is a lot of chatter out there around the uses of artificial intelligence (AI) for cybersecurity. For example, Applied Sciences published a paper on how AI can be used for mobile malware detection, and Gartner has published on AI Security Management.
According to an article published in Forbes, entitled “A Primer on Artificial Intelligence…
Privacy Tip #373 – If you Use Windows Copilot —Configuration Update Issued by Microsoft This Week
On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2 (all editions) that is worth reading and applying, particularly if you use Windows Copilot.
According to Microsoft, it has identified that when using Copilot in preview:
- Narrator does not work as you expect with challenge–response tests, such as Captcha.
- Narrator fails
Joint Advisory Warns of Snatch Ransomware
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.
Snatch has been hitting the Defense Industrial Base (DIB)…
Governance of AI: Keeping You Informed
We have been keeping a keen eye on the explosion of the use of artificial intelligence (AI) tools and generative AI. We are assisting clients with Governance Programs to formulate a process to evaluate the use of AI in their organizations, encourage safe and reliable use of AI tools by employees, evaluate appropriate uses of…
Privacy Tip #372 – Personal Preparedness for Massive Cyber-Attack
It is scary to think of cyber warfare and how it may affect us. But the reality is there, and we should be prepared. I was chatting with a colleague this morning who asked for the top two things to do to prepare for a massive cyber-attack. I started thinking about this when I was…
Joint Commission Issues Alert on Patient Safety After a Cyber-Attack
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the event of a cyberattack.”
The Alert outlines the growth of cyber-attacks and information system breaches in the…
CISA Alert: VMware Releases Security Update—Patch VMware Tools Now
VMware provides multi-cloud services, products, and solutions for its customers, including VMware Tools. On September 1, 2023, VMware released a security update for a vulnerability in VMware Tools. According to the Cybersecurity Infrastructure Security Agency (CISA), “A cyber threat actor can exploit this vulnerability to obtain sensitive information.”
In the alert, CISA “encourages users…
Privacy Tip #371 – Internet Safety Guide for Seniors
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than the average individual about how they implement attacks, but she worries about her mother, who is frequently online.
CISA Issues Four More Industrial Control Systems Advisories
On August 22, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued four more advisories related to industrial control systems. The advisories are applicable to four different industrial control products, explain the risk of the vulnerability (e.g., “successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted…