Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

A Very Smart Primer on Smart Contracts—An Example of What One Financial Services Regulator is Doing to Foster FinTech

The Commodity Futures Trading Commission’s LabCFTC recently released “A CFTC Primer on Smart Contracts” as part of LabCFTC’s effort to engage with innovators and market participants on a range of financial technology (FinTech) topics. The Primer offers a clear and concise explanation of “smart contracts” and their potential impact on the CFTC’s mission to foster … Continue Reading

Cybercriminals Recruiting Employees on the Dark Web to Assist with Fraud Schemes

Darkreading.com has issued a survey entitled: Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web which states that malicious insiders are responsible for 27 percent of all cybercrime. This statistic confirms that cybercriminals are increasingly recruiting insiders by using the dark web as a recruiting tool. So not only do businesses have … Continue Reading

Recruiting Scams on the Rise

With more companies hiring, online recruiting scams have re-emerged to prey on job seekers and employers. The Better Business Bureau tracked more than 3,000 recruiting scams in the first 10 months of 2018 with losses in the million dollars. The online recruiting scam works this way: the scammer fraudulently uses a company’s name and logo, … Continue Reading

The Financial Stability Board’s “Cyber Lexicon” – Global Jargon for a Global Mission

On November 12, the Financial Stability Board (FSB) published a Cyber Lexicon, designed to help financial institutions around the globe address “financial sector cyber resilience.” The Cyber Lexicon sets forth definitions for 54 “core terms related to cybersecurity and cyber resilience in the financial sector.” “Cyber Resilience,” one of the 54 definitions, is defined as … Continue Reading

UK Information Commissioner’s Office Issues Guidance on Use of Encryption and Passwords in Connection with GDPR

The “security principle” under the General Data Protection Regulation (GDPR) requires that organizations process personal data securely by means of “appropriate” technical and organizational measures. This month, the United Kingdom’s Information Commissioner’s Office (ICO) issued new guidance focused on two specific measures the ICO recommends that companies consider in complying with the GDPR security requirements: … Continue Reading

Ransomware Continues to Be Top Threat to Small Companies

According to a new report by Datto, Inc. (its third annual Global State of the Channel Ransomware Report), ransomware continues to be the top cyber-attack experienced by small- and medium-sized companies. Some managed service providers were surveyed in Singapore, the Asia-Pacific region and across the globe. Fifty-five percent of them said their clients had experienced … Continue Reading

FTC Announces Cybersecurity Resources for Non-Profits

Non-profit organizations collect, use and disclose personal information just like any other for-profit industry. However, non-profit organizations often don’t have the same resources to devote to data security as their for-profit counterparts. The risk is the same, but the ability to defend and respond is more challenging due to more limited resources that can be … Continue Reading

Hackers Tamper with Trademark Applications and Registrations in USPTO System

The U.S. Patent and Trademark Office (USPTO) announced last week that it has discovered that unauthorized users have attempted to hack into its online trademark system to attempt to make unauthorized changes to active trademark applications and registrations. They have also tried to register marks owned by others on third-party brand registries. According to USPTO, … Continue Reading

New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack

We all know data breaches can impact all of us, regardless of whether we are a Fortune 500 company or a small business. Lawyers, of course, are not immune from data attacks and recent guidance from the American Bar Association Standing Committee on Ethics and Professional Responsibility illustrates how critical it is for lawyers and … Continue Reading

SEC Report Cautions Companies to Consider Cyber Threats with Internal Controls

The Securities and Exchange Commission (SEC) this week issued an investigative report that outlined cyber incidents that nine public companies had experienced, causing fraudulent losses totaling more than $100 million. The conclusion of the report is that public companies “should consider cyber threats when implementing internal controls.” The investigations focused on business email compromises where … Continue Reading

Consumers Mixed on Retailers’ Use of Facial Recognition Technology

Many consumers are unaware that retailers use facial recognition technology in retail stores to monitor shoppers and prevent shoplifting. Consumers see cameras in retail stores and assume it is to monitor for shoplifting and theft, but many are unaware that facial recognition technology is used so their actual identity can be determined while they are … Continue Reading

OIG Announces New Multidisciplinary Cybersecurity Team

The Office of Inspector General (OIG) recently announced the creation of a cybersecurity team focused on combating threats within the Department of Health & Human Services (HHS), and within the health care industry. The team includes auditors, evaluators, investigators, and attorneys with experience in cybersecurity matters, and its work is intended to build on the … Continue Reading

FDA Announces Playbook for Medical Device Cybersecurity

On October 1, 2018, the Food and Drug Administration (FDA) issued its “Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook” to address continued threats to medical devices that could affect patient safety. The 32 page playbook, developed by MITRE Corp., states that “the purpose of the playbook is to serve as a tool for … Continue Reading

California Tackles IoT Security with New Bill

The State of California is once again leading the way with trying to keep up with technology and protecting consumers. Senate Bill 327 requires Internet of Things (IoT) developers to implement “reasonable security features” in IoT products, such as baby monitors, televisions, automobiles, home appliances, fitness monitors, home security systems, and the like. This is … Continue Reading

Schneider Electric USBs Infected with Malware

Schneider Electric recently issued a consumer warning that it mistakenly shipped USB drives to its customers that were infected with malware. Schneider Electric stated in its alert that “Schneider Electric has determine that some USB removable media shipped with [two products] were contaminated with malware during manufacturing by one of our suppliers.” According to the … Continue Reading

Vicious Kronos Variant Osiris Malware Recently Released and Proving Dangerous

We all remember Kronos—the malicious malware that was sold by Russian underground forums in 2014 for $7,000. If you bought it, you were promised updates and development of new modules. The Kronos developers recently released a new update (dubbed Osiris), which is presently attacking individuals in Germany, Japan, and Poland, with the U.S. in the … Continue Reading

Millions of Sensitive Records Leaked by Another Spyware Maker

We reported last week that a spyware maker compromised users’ and victims’ sensitive information [view related post]. Since that time, another spyware maker, mSpy, which holds itself out as having over a million users employing its product to “spy” on their partners and children, has reportedly leaked the passwords, call logs, text messages, location data, … Continue Reading

New York Department of Financial Services Cybersecurity Regulation 18-month Compliance Deadline Arrives

On September 4, 2018, the third stage of compliance deadlines under the New York Department of Financial Services’ (DFS) expansive cybersecurity regulation went into effect. This deadline, scheduled for implementation 18 months after the regulation (23 NYCRR 500) initially went into effect in March 2017 triggers Covered Entities’ obligations under the regulation to: Maintain systems … Continue Reading

Two Federal Criminal Convictions for Cyberattacks

The month of August saw two federal criminal convictions of individuals involved in significant cyberattacks. In Boston, a federal jury convicted Martin Gottesfeld of one count of conspiracy to intentionally damage a protected computer and one count of intentional damage to protected computers. The charges resulted from 2014 Distributed Denial of Service (DDOS) attacks on … Continue Reading

Spyware Company Hacked

It has been reported that a hacker was able to break into the servers of TheTruthSpy, a company that is described as “one of the most notorious stalkerware companies out there”  (Motherboard, August 2018) and was able to steal logins, audio recordings, text messages, and pictures of victims. Motherboard has issued a series of stories that … Continue Reading
LexBlog