The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a joint Alert this week, entitled “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” outlining “actions that executives, leaders and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming

A federal District Court judge in Illinois sided with the U.S. Department of Labor (DOL) in ordering Alight Solutions, LLC, an ERISA plan services provider, to comply with an administrative subpoena seeking documents pertaining to alleged cybersecurity breaches. The Court’s order in the case, Walsh v. Alight Solutions, LLC, Dkt. # 20-cv-02138 (N.D. Ill.), is

The Cybersecurity & Infrastructure Security Agency (CISA) issued the Cybersecurity Incident & Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems (Playbooks) on November 16, 2021, designed to assist Federal Civilian Executive Branch (FCEB) Information Systems agencies in adopting a standard set of procedures related

Staying current with Microsoft’s monthly patches is challenging, yet critical for one’s cybersecurity program. This week, Microsoft’s November Patch Tuesday released 55 patches, six of which were categorized as “critical,” four were previously disclosed (which means that cyber criminals may already be exploiting them), and two are being exploited now. Plugging all of these vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a Binding Operational Directive requiring all federal agencies to apply patches to new and old vulnerabilities that are being exploited in the wild.

The Directive, entitled Reducing the Significant Risk of Known Exploited Vulnerabilities, “establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant

The FBI issued a Private Industry Notification on November 2, 2021, warning companies that “ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.”

According to the Notification, ransomware actors are researching publicly available information to pick targets they believe may be

  • November 9 – Kathryn Rattigan is presenting the “Rise of Drones and Erosion of Privacy” in a live video-broadcast hosted by myLawCLE.
  • November 10 – Kathryn Rattigan will be presenting as part of the Western Michigan University (WMU) Cooley Law School Homeland & National Security Law and the WMU-Cooley Homeland & National Security

In a blog post entitled “New activity from Russian actor Nobelium,” Microsoft’s V.P. of Customer Security & Trust, Tom Burt, discussed a recent alert issued by the Microsoft Threat Intelligence Center (MSTIC) regarding the activities of this threat actor. He shared that Nobelium “has been attempting to replicate the approach it has used in past

The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency recently issued two joint alerts to critical infrastructure entities—one addressing BlackMatter Ransomware, and the second specifically to U.S. water and wastewater systems.

BlackMatter Ransomware Alert 

On October 18, 2021, CISA/FBI/NSA issued an alert providing information to critical infrastructure entities