In the Biden Administration’s continuing effort to reduce the risk of cybersecurity spyware from foreign adversaries, including Russia, the United States Department of Commerce (Commerce) issued a final rule (Rule) on June 16, 2023, entitled “Protecting Americans’ Sensitive Data from Foreign Adversaries” and also amended a previously issued rule (“Securing the Information and Communications Technology
Linn Foster Freedman
Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.
Privacy Tip #403 – GenAI Tools Use Banned by US House
I always watch what the federal government requires of its employees’ use of technology to get a feel for risks and what is coming down the pike from a regulatory standpoint—this has been going on for years. That’s why I was one of the first to get a cover for my laptop camera, why I…
Black Basta Exploits Microsoft Zero-Day After Patch
It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March.
The vulnerability, CVE-2024-26169, was on Microsoft’s March update’s Patch Tuesday List. Unpatched, it allows the threat actor to escalate privileges. Symantec’s threat hunter team has discovered that Black Basta…
Privacy Tip #402 – CISA Issues Alert About Impersonators
Impersonation schemes are on the rise, and artificial intelligence (including deep fakes and voice cloning) will only make these schemes more difficult to detect.
Threat actors are emboldened, evidenced by the fact that the Cybersecurity and Infrastructure Security Agency (CISA) recently published an alert that threat actors are impersonating CISA employees in vishing attacks in…
Update on Snowflake Cyber Threat
On June 2, 2024, cloud service provider Snowflake reported increased cyber threat activity targeting some of its customer’s accounts. Snowflake recommended that customers review unusual activity to detect and prevent unauthorized user access.
The Cybersecurity and Infrastructure Agency (CISA) then sent an alert on June 3, 2024, recommending that Snowflake customers “hunt for malicious activity…
Privacy Tip #401 – Cyberattack Against TikTok Targeted Brands and Celebrities
TikTok has reported that it is responding to a cyber attack targeting a limited number of known brands and celebrity accounts. The BBC has identified that Paris Hilton’s account as being targeted, but TikTok says it was not compromised.
The BBC identified CNN as a victim whose account was successfully attacked. TikTok is working with…
Proofpoint Survey Outlines Challenges for CISOs
Since I hang out with a lot of CISOs, and understand their pain points, I urge readers to send a “thank you” and “you are the best” message to their CISO. You can’t imagine the pressure and stress they are under to try to protect the company’s data. To get a glimpse of why you…
Privacy Tip #400 – Best of First 400 Privacy Tips
Wow! It’s hard to believe this blog marks the 400th Privacy Tip since I started writing many years ago. I hope the tips have been helpful over the years and that you have been able to share them with others to spread the word.
I thought it would be fun to pick 10 (ok—technically, a few more than 10) Privacy Tips and re-publish them (in case you missed them) in honor of our 400th Privacy Tip milestone. We have published tips that are relevant to the hot issues of the time, but some are time-honored. It was really hard to pick, but here they are:Continue Reading Privacy Tip #400 – Best of First 400 Privacy Tips
Tennessee Passes Law Restricting Data Breach Class Action Suits
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross negligence.
The bill, as introduced, “declares a private entity to be not civilly liable in a class action resulting from a…
Intercontinental Exchange Settles with SEC Over Alleged Delay in Notification of Hack
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC of the cybersecurity incident it experienced in 2021 involving its virtual private network.
The SEC alleged that ICE should…