Topic: Cybercrime

Subscribe to Cybercrime RSS feed

Cyber authorities sound the alarm on critical vulnerability In Java Library

Photo of David Kitchen (US)Photo of Chris Cwalina (US)Photo of Anna Rudawski (US)Photo of David Kessler (US)Photo of Will Daugherty (US)By David Kitchen (US), Chris Cwalina (US), Anna Rudawski (US), David Kessler (US) and Will Daugherty (US) on Posted in Cybercrime, Cybersecurity, Ransomware, Vendor management and transactions
Cyber authorities sound the alarmOn December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. The vulnerability allows threat actors to remotely execute code on both on-premises and cloud-based application servers, thereby obtaining control of the impacted servers. This is a critical vulnerability of very high significance to government and industry groups. See … Continue reading

Hong Kong: Bill to combat doxxing acts passed

Photo of Edward Yau (HK)Photo of Anna Gamvros (HK)By Edward Yau (HK) and Anna Gamvros (HK) on Posted in Cybercrime, Cybersecurity, Privacy law
Data Protection Report - Norton Rose FulbrightThe Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) aimed at combatting doxxing in Hong Kong was passed on 29 September 2021. As discussed in our earlier post, the Bill amends the Personal Data (Privacy) Ordinance (PDPO) by: introducing offences to criminalize doxxing acts; empowering the Privacy Commissioner for Personal Data (the Commissioner) to conduct … Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

Photo of David Kitchen (US)Photo of Kate Nelson (US)By David Kitchen (US) and Kate Nelson (US) on Posted in Cybercrime, Cybersecurity, General, Ransomware
Norton Rose Fulbright - Data Protection Report blogOn September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

OFAC Announces New Measures to Address Ransomware Attacks

Photo of Chris Cwalina (US)Photo of Ashley Zatloukal (US)Photo of Stefan H. Reisinger (US)By Chris Cwalina (US), Ashley Zatloukal (US) and Stefan H. Reisinger (US) on Posted in Cybercrime, Cybersecurity, Ransomware
Norton Rose Fulbright - Data Protection Report blogThe U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) implemented additional measures today to combat the growing ransomware problem.  OFAC’s measures consist of: (1) the designation of the entire SUEX OTC, S.R.O. (“SUEX”) crypto-currency exchange (SUEX) to the SDN List; (2) designating a fairly large number (~25) additional digital currency addresses to the … Continue reading

Another One Bites the Dust: Court once again finds data breach forensic report isn’t protected by privilege

Photo of Chris Cwalina (US)Photo of Ashley Zatloukal (US)Photo of Anna Rudawski (US)By Chris Cwalina (US), Ashley Zatloukal (US) and Anna Rudawski (US) on Posted in Cybercrime, Cybersecurity, Data breach, Vendor management and transactions
Norton Rose Fulbright - Data Protection Report blogOn July 22, 2021, a federal court in Pennsylvania held that an investigative report created by Kroll (the “Kroll Report”), the defendant’s third party cybersecurity consultant, and related communications were not protected by privilege. The court found that the Kroll Report was not protected by the work-product doctrine or attorney-client privilege. The decision comes after … Continue reading

NYDFS Requires COVID-19 Plans by April 9

Photo of Susan Ross (US)Photo of Kathleen Scott (US)By Susan Ross (US) and Kathleen Scott (US) on Posted in Compliance and risk management, Cybercrime, Cybersecurity, Dispute resolution and litigation, Enforcement, General
Norton Rose Fulbright - Data Protection Report blogOn March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, … Continue reading

Good news for employers, finally – the UK Supreme Court hands down judgment in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents)

Photo of Steven Hadwin (UK)Photo of Marcus Evans (UK)Photo of Amanda Sanders (UK)By Steven Hadwin (UK), Marcus Evans (UK), Amanda Sanders (UK) and Janine Regan (UK) on Posted in Cybercrime, Cybersecurity, Data breach, Dispute resolution and litigation
Norton Rose Fulbright - Data Protection Report blogIn a judgment which will be warmly welcomed by employers (and their insurers) in the UK, the UK Supreme Court today overruled the Court of Appeal in holding that that Morrisons supermarkets is not vicariously liable for a data breach maliciously caused by a former employee.… Continue reading

Data protection and cyber risk issues in arbitration – dealing with regulation, cyber attacks and hacked evidence

Photo of Pierre Bienvenu (CA)Photo of Ben Grant (UK)By Pierre Bienvenu (CA) and Ben Grant (UK) on Posted in Cybercrime, Cybersecurity, Data breach, Dispute resolution and litigation, General
The GDPR has significantly altered the landscape of data protection. Its broad scope and potentially severe penalties have forced those who hold and process data to take note of its provisions. In certain instances, that will include many in the international arbitration community, such as arbitral institutions. In parallel, cyber attacks and instances of hacking … Continue reading

Cybersecurity and the SEC

Photo of Susan Ross (US)Photo of Alexis Wilpon (US)By Susan Ross (US) and Alexis Wilpon (US) on Posted in Compliance and risk management, Cybercrime
Data Protection Report - Norton Rose FulbrightThe U.S. Securities and Exchange Commission (“SEC”) may not be the first agency that comes to mind with respect to cybersecurity, but the SEC has been in the headlines recently with respect to cyber fraud in particular. Earlier this month, the SEC promulgated a report urging companies to take preventive measures against cyber fraud.… Continue reading

FERC issues notice of proposed rulemaking to extend reporting requirements for cyberattacks targeting the energy sector

Photo of Susan Ross (US)Photo of Alexis Wilpon (US)By Susan Ross (US) and Alexis Wilpon (US) on Posted in Compliance and risk management, Cybercrime, Data breach
Data Protection Report - Norton Rose FulbrightOn July 23 and 25, 2018, the U.S. Department of Homeland Security (DHS) held public briefings about an attempt by a state-sponsored Russian hacking group to target control systems for U.S. electrical grids and power plants. DHS’ webinar explained that the hackers obtained access to vendors providing computer services to electric utilities companies. This initial … Continue reading

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

By on Posted in Compliance and risk management, Cybercrime
Norton Rose Fulbright - Data Protection Report blogSlightly over one year ago, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. Now, a new Internet of Things (IoT) botnet, called IoT Reaper, or … Continue reading

Singapore proposes changes to cybersecurity and data protection regimes

Photo of Stella Cramer (SG)Photo of Wilson Ang (SG)Photo of Magdalene Lie (UK)Photo of Jeremy Lua (SG)By Stella Cramer (SG), Wilson Ang (SG), Magdalene Lie (UK) and Jeremy Lua (SG) on Posted in Cybercrime, Data breach
Data Protection Report - Norton Rose FulbrightIn a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime. These changes will have a significant … Continue reading

New Global Cyberattack Affects Businesses, Government, and Infrastructure

By on Posted in Compliance and risk management, Cybercrime
Norton Rose Fulbright - Data Protection Report blogA new strain of malware began infecting computer systems across the globe on Tuesday.  Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key. … Continue reading

Large Ransomware Attack Affects Companies in Over 70 Countries

By on Posted in Compliance and risk management, Cybercrime
Norton Rose Fulbright - Data Protection Report blogA large-scale ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning.  According to reports, companies in more than 70 countries have reported incidents as of Friday afternoon. The attacks are being caused by ransomware called “WannaCry,” which quickly moves across systems to encrypt large amounts of computer … Continue reading

Hong Kong: SFC consults on proposed measures to improve cyber security for internet trading of securities in Hong Kong

Photo of James Parker (HK)Photo of Anna Gamvros (HK)By James Parker (HK) and Anna Gamvros (HK) on Posted in Compliance and risk management, Cybercrime, Regulatory response
A two-month consultation on proposed measures to reduce and mitigate cyber security risks associated with internet trading of securities in Hong Kong (the Consultation) was launched on 8 May 2017 by the Securities and Futures Commission (the SFC). The Consultation follows a recent review by the SFC of resilience of brokers in Hong Kong to … Continue reading

Singapore legal update: Firm warned for WhatsApp personal data disclosure

Photo of Magdalene Lie (UK)By Magdalene Lie (UK) on Posted in Cybercrime, Data breach, General
Singapore’s Personal Data Protection Commission has on 21 March 2017 issued a warning to a local firm for disclosing a former employee’s personal information in a company WhatsApp group. A director at the firm, Executive Coach International, had shared highly sensitive information about the former employee with 58 members of a chat group comprising staff … Continue reading

Legal Implications of DDoS Attacks and the Internet of Things (IoT)

By on Posted in Cybercrime
Data Protection Report - Norton Rose FulbrightSeveral significant distributed denial-of-service (“DDoS”) attacks have taken place in the last few weeks, including a major event involving a domain name service provider (Dyn), which caused outages and slowness for many popular sites like Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. This significant attack came on the heels of two major DDoS attacks against … Continue reading

UAE Outlaws Sales of Personal Data and Increases Fines for Companies

By on Posted in Compliance and risk management, Cybercrime
Data Protection Report - Norton Rose FulbrightThe United Arab Emirates Penal Code was amended with effect from October 29, 2016 to outlaw the copying, distribution or disclosure of information that a person obtains in the course of their employment. This new offence will target company insiders (or service providers) unlawfully dealing in personal data. Other changes to the Penal Code will … Continue reading

Major DDoS Attacks Signal Need for Strengthened Cyber Defenses

Photo of Daniel Leslie (CA)By Daniel Leslie (CA) on Posted in Compliance and risk management, Cybercrime
Data Protection Report - Norton Rose FulbrightOn Friday, October 21, a series of Distributed Denial of Service (DDoS) attacks were launched against the servers of Dyn, a major DNS host. DNS hosts operate in a manner akin to a switchboard for the Internet, helping to route domain names (e.g., dataprotectionreport.com) to underlying IP addresses (e.g., 104.28.6.115). By attacking Dyn, hackers were … Continue reading

FTC Enforcement Possible for Failing to Guard Against Ransomware

By on Posted in Compliance and risk management, Cybercrime, Regulatory response
Data Protection Report - Norton Rose FulbrightRecent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may … Continue reading
LexBlog