The use of generative AI tools, such as Chat GPT, has grown exponentially. However, many users do not understand how the technology works, and how the use of generative AI collects personal or sensitive information of users.
The use of generative AI tools is much like how users use the Internet or social media. They
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched vulnerability.
TechRadar is reporting that the firewalls are vulnerable to CVE-2023-27997, and a patch has been issued by Fortinet to address
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies in the event of a data breach.
The Act requires state agencies and municipalities to notify the State Police of an incident
BNSF Railway, previously hit with a $228 million jury award for violating the Illinois Biometric Information Privacy Act (BIPA) when collecting fingerprints of employees, was recently awarded a new trial to determine damages. Although many cases alleging violations of BIPA have previously been settled, this case was the first to go to trial.
The jury
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or provides products or services that are targeted to consumers in Nevada) to provide privacy rights to consumers who provide health data
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection vulnerability in the MOVEit solution. According to the joint advisory, “Internet-facing MOVEit Transfer web applications were infected with a web
It’s hard to keep up with all of the legal challenges related to artificial intelligence tools (AI), but here are a couple of noteworthy ones that have surfaced in the past few weeks, in case you haven’t seen them.
Two New York lawyers are facing possible sanctions for using ChatGPT to assist with a brief
Montana Governor Greg Gianforte has signed SB 351, the Genetic Information Privacy Act (GINA), which “requires an entity to provide consumer information regarding the collection, use, and disclosure of genetic data; providing for limitations and exclusions; providing for enforcement authority; and providing definitions.”
GINA requires entities that collect genetic data, defined as:
any data, regardless
EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people.
The settlement is with the AGs of Florida, New Jersey, Oregon, and Pennsylvania. The breach occurred when threat actors infiltrated EyeMed’s
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary