Dark Reading reported on July 19 that Campbell Conroy & O’Neil (Campbell), a law firm representing hundreds of major organizations, confirmed a data privacy incident related to a ransomware attack detected earlier this year. Campbell’s client list includes prominent companies across industries including automotive, aviation, chemical, construction, energy, hospitality, insurance, medical devices, pharmaceutical, retail, and transportation. Past and current clients include Ford Motor Company, General Motors, Boeing, Johnson & Johnson, Pfizer, Home Depot, and…

John and I are big fans of CISA (Cybersecurity and Infrastructure Security Agency), a division of Homeland Security. CISA has really become a valuable source of cybersecurity information and guidance. So we are delighted to see CISA publish a Stop Ransomware website. Recently, CISA launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov gives one central location for ransomware resources and alerts. CISA encourages organizations…

News of the existence of the Pegasus Project has spread like wildfire. As the Washington Post reported, military-grade spyware leased by the Israeli firm NSO Group to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and the two women closest to murdered Saudi journalist Jamal Khashoggi, according to an investigation by The Washington Post and 16 media partners…

TechRepublic reported July 6 on some very interesting (and sobering) findings from a survey of over 1000 professionals by passwordless security company Beyond Identity. Here are the startling stats: Nearly half admit to password sharing More than a third say they write their passwords on paper One in four say they still have access to accounts from past jobs 45.6% of respondents say they believe strict password policies hamper productivity. Sigh. Where have we heard…

ZDNet reported on July 6 that enterprise tech firm Kaseya has confirmed that approximately 1,500 businesses were impacted as a result of an attack on its remote device management software, which was used to spread ransomware. Apparently the attackers carried out a supply chain ransomware attack by leveraging a previously unknown vulnerability in Kaseya’s VSA software against multiple managed service providers (MSP) and their customers. VSA is remote monitoring and management software, which is used…

It doesn’t matter what profession you are in – the impact of the “Great Resignation” is rippling across America. CNBC reported on June 30 that, instead of returning to the office, employees may quit instead. According to a report by Monster.com, 95% of employees are considering switching jobs. I would note that there is a big difference between considering and actually quitting. And a lot of economic considerations! Nonetheless, people are thinking more seriously about…

CSO Online reported on June 28 that four states have five pending pieces of legislation that would either ban paying a ransom or restrict paying it. In New York, Senate Bill S6806A “prohibits governmental entities, business entities, and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.” Another New York Senate bill, Senate Bill S6154, provides money so that local governments can upgrade…