The National Institute of Standards and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President Biden’s Executive Order 14028—Improving the Nation’s Cybersecurity.
The guidance refers to existing industry standards, tools, and recommended practices that were previously published by NIST in SP800-161 “Cybersecurity
Connecticut Governor Ned Lamont signed the Personal Data Privacy and Online Monitoring Act (CPDPA) into law on May 10, 2022, making Connecticut the most recent state to pass its own privacy law in the absence of comprehensive federal privacy legislation. Connecticut follows in the steps of Nevada, California, Virginia, Colorado and Utah in enacting its
The American Civil Liberties Union (ACLU) filed suit against Clearview AI, Inc. (Clearview AI) in March 2020, alleging that it violated the Illinois Biometric Information Privacy Act (BIPA) by capturing and using billions of individuals’ faceprints without consent. The ACLU filed suit “on behalf of groups representing survivors of domestic violence and sexual assault, undocumented
According to Emsisoft, the education sector continues to experience ransomware attacks, with a whopping 1,043 schools affected by ransomware in 2021. This statistic breaks down to include 62 school districts and 26 colleges and universities.
Emsisoft estimates that data of employees and students were stolen in at least half of those attacks in 2021.
2022
Readers of this blog know how I feel about apps and the data they collect, use and disclose when it comes to privacy. Although they are supposed to tell you in their privacy policy what data they are collecting, few people actually read the privacy policy to understand how their data are being collected, used
The U.S. Department of State has announced a $10 million reward for “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations have in closing those doors.
The Cybersecurity and Infrastructure Security Agency (CISA), along with its counterparts in other countries, issued a
I traveled this week by plane to a client to conduct a cybersecurity tabletop exercise—one of my favorite things to do (the tabletop, not the flying).
To be able to use the wi-fi, everyone instructed in the gate area was told over the loudspeaker that we had to download the airline app on our phones,
The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) on April 20, 2022, “to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity.”
According to
Unscrupulous criminals use crises to their advantage. Scammers are using the conflict in Ukraine to bilk money from people trying to help those impacted from the attacks. There are numerous accounts of scammers using old techniques to defraud people from funds and personal information.
We all want to help and what is unfolding in Ukraine