David Kitchen (US)

Subscribe to all posts by David Kitchen (US)

Cyber authorities sound the alarm on critical vulnerability In Java Library

Photo of David Kitchen (US)Photo of Chris Cwalina (US)Photo of Anna Rudawski (US)Photo of David Kessler (US)Photo of Will Daugherty (US)By David Kitchen (US), Chris Cwalina (US), Anna Rudawski (US), David Kessler (US) and Will Daugherty (US) on Posted in Cybercrime, Cybersecurity, Ransomware, Vendor management and transactions
On December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. The vulnerability allows threat actors to remotely execute code on both on-premises and cloud-based application servers, thereby obtaining control of the impacted servers. This is a critical vulnerability of very high significance to government and industry groups. See … Continue reading

US banking regulators promulgate a final rule for 36-hour notice of breach

Photo of David Kessler (US)Photo of David Kitchen (US)Photo of Tim Byrne (US)Photo of Susan Ross (US)By David Kessler (US), David Kitchen (US), Tim Byrne (US) and Susan Ross (US) on Posted in Data breach
On November 18, 2021, the US federal banking regulators Office of the Comptroller of the Currency, Federal Reserve Board and Federal Deposit Insurance Corporation jointly announced a final rule that will require banking organizations (which includes the U.S. operations of foreign banking organizations) to notify their regulators as soon as possible but no later than 36 hours of … Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

Photo of David Kitchen (US)Photo of Kate Nelson (US)By David Kitchen (US) and Kate Nelson (US) on Posted in Cybercrime, Cybersecurity, General, Ransomware
On September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

Connecticut tightens its data breach notification laws

Photo of David Kitchen (US)Photo of Alexis Wilpon (US)By David Kitchen (US) and Alexis Wilpon (US) on Posted in Cybersecurity, Data breach
Effective October 1, 2021, an amendment[1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement … Continue reading
LexBlog