U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
On March 2, 2022, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022 (“SACA” or the “Bill”). The Bill is now with the House of Representatives for a vote and, if passed, will be sent to President Biden’s desk for signature.
Cybersecurity
FTC Puts Companies on Notice that Failure to Identify and Patch Instances of Log4j May Violate FTC Act
On January 4, 2022, in response to the public disclosure of the Log4j vulnerability known as Log4Shell, the Federal Trade Commission published a blog post reminding companies that “the duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act.”
SEC Proposes New Cybersecurity Rules for Investment Managers
On February 9, 2022, the SEC proposed new cybersecurity compliance and disclosure rules for the investment management industry in a three-to-one vote.
China Releases Draft Regulations on Network Data Security Management
The Cyberspace Administration of China released for public comment the draft Regulations on Network Data Security Management. The Draft Regulations are intended to implement portions of three existing laws: the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. In this blog entry, we discuss several of the key areas addressed by the Draft Regulations.
Russian Federal Security Service Reportedly Detains Members of REvil Ransomware Group
On January 14, 2022, the Russian Federal Security Service detained members of the REvil ransomware group at the request of the United States, according to public press reports.
…
New York Attorney General Announces 1.1 Million Accounts Compromised in Credential Stuffing Attacks
The New York Office of the Attorney General recently announced the results of an investigation into “credential stuffing,” which uncovered 1.1 million compromised accounts from cyberattacks on 17 well-known companies. The announcement included a “Business Guide for Credential Stuffing Attacks,” detailing the attacks and providing tips for businesses to protect themselves.
TSA Announces New Security Directives for Rail Sector
On December 2, 2021, the Transportation Security Administration announced that it issued two security directives requiring higher-risk freight railroads, passenger rail and rail transit to implement measures to strengthen cybersecurity within the sector.
Federal Regulators Issue New Cyber Incident Reporting Rule for Banks
On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency issued a new rule requiring U.S. banks to notify federal regulators within 36 hours of determining that a computer-security incident meeting certain criteria has occurred. The rule also requires bank service providers to notify affected banks “as soon as possible” when the service provider determines that a computer-security incident has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.
U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware
On November 14, 2021, the U.S. Department of the Treasury announced a bilateral cybersecurity partnership with the Israeli Ministry of Finance “to protect critical financial infrastructure and emerging technologies” and combat the use of ransomware. The initiative includes the launch of a U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity (the “Task Force”), which seeks to advance the twin goals of encouraging fintech innovation while protecting against cyber threats from nation-state and criminal actors.
FTC Recommends Steps to Protect Against Ransomware
On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks. This post provides a summary of the steps.