Collaborate Disseminate
Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. T… Continue reading IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks
David DiMolfetta reports: Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with… Continue reading Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say
Jeffrey Burt reports: President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents. In a brief pol… Continue reading Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
Reuters reports: Italy’s government is set to propose tougher jail terms for cybercrime and stricter disclosure rules for public bodies that come under attack from hackers, according to a draft law seen by Reuters on Wednesday. The bill, set for … Continue reading Italy government proposes tougher jail terms for cybercriminals
Skye Witley reports: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its so… Continue reading SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal informa… Continue reading Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification … Continue reading Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment
Over on Infosec.Exchange, Will Palant posted: Yellow Flag @WPalant@infosec.exchange German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a softw… Continue reading German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failur… Continue reading NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
Eric Geller reports: The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedu… Continue reading After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding