The UK’s data privacy regulator, the Information Commissioner’s Office (ICO), is investigating Microsoft over potential privacy concerns with its recently announced AI-powered “Recall” feature for Windows PCs. Microsoft Recall is designed to continuously capture screenshots of a user’s PC activity and use AI to create a searchable computer usage history. While these screenshots would be
Tennessee Passes Law Restricting Data Breach Class Action Suits
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross negligence.
The bill, as introduced, “declares a private entity to be not civilly liable in a class action resulting from a…
Intercontinental Exchange Settles with SEC Over Alleged Delay in Notification of Hack
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC of the cybersecurity incident it experienced in 2021 involving its virtual private network.
The SEC alleged that ICE should…
CISA Issues Advisory on Black Basta Ransomware
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.”
The Black Basta Advisory provides information on how the threat actors gain…
Privacy Tip #398 – Cybersecurity Agencies Issue Guidance for Civil Society on Mitigating Cyber Threats
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently issued helpful guidance for entities that have limited resources to address cyber threats. The guidance, entitled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” is targeted to assist civil society—“nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities…
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living facilities in 19 states. Ascension confirmed that it has been hit by a cybersecurity attack and that the attack has disrupted its clinical operations. Ascension detected the attack on May 8, 2024, and…
Patch, Patch, Patch: Updates for Fortinet, Microsoft, and Adobe Products
Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky. Nonetheless, it is a necessary evil and crucial to cybersecurity hygiene and incident prevention.
On March 12, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued three Cybersecurity Alerts for Adobe, Microsoft, and Fortinet security patches.
The…
CISA, FBI + MS-ISAC Issue Warning on Phobos Ransomware
To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a cybersecurity advisory warning organizations about the Phobos ransomware, and provided indicators of compromise and tactics, techniques, and procedures used by Phobos as recently as February.
According to the advisory, Phobos has been attacking “municipal and…
Mercedes-Benz Source Code Potentially Compromised in GitHub Token Exposure
Mercedes-Benz reportedly suffered a security incident that exposed confidential source code on an Enterprise Git server. The incident occurred due to a compromised GitHub token exposed by an employee. Although the incident occurred on September 29, 2023, it wasn’t discovered until January 11, 2024. A cybersecurity firm discovered the token during an internet scan and informed…
Privacy Tip #386 – What? Gen Z is Bigger Cybersecurity Risk than Boomers
OK boomers—instead of being on the end of an “OK boomer” comment, now you have some ammunition. Boomers have been reported to be less of a cybersecurity vulnerability to the workforce than Gen Z. An article by Karina Zapata of CBC News outlines findings from cybersecurity tech company Check Point that posit Gen Z as…