The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action.
Log4j is used to record activities in a wide range of systems, sites, and software found in online products and services. Recently, a serious vulnerability in this popular software was discovered. This vulnerability poses a severe risk to millions of users. Most importantly, the Log4j vulnerability is being widely exploited by a growing set of attackers.
Continue reading “FTC Warns Companies to Fix Vulnerabilities Associated with Log4j”
A bipartisan group of 14 United States senators recently introduced proposed legislation that would require federal contractors and operators of critical infrastructure to disclose any cyber intrusion within 24 hours. A copy of the proposed legislation can be found here.
Currently, there is no federally mandated reporting requirement for cyberattacks on American infrastructure targets. The newly proposed legislation is designed to prevent these attacks from going unreported and uninvestigated.
Continue reading “Senators Introduce Bipartisan Legislation To Require Federal Contractors and Operators of Critical Infrastructure to Disclose Cyber Intrusions”
The Sedona Conference®, a nonprofit research and educational think tank dedicated to the advanced study of law, particularly in information governance, has released its Incident Response Guide , open for public comment through June 19, 2018. Drafted by Working Group on Data Security and Privacy Liability (WG11), the guide is meant to serve as a practical resource for practitioners dealing with the legal, technical, and policy issues related to data-related incidents – from distributed denial-of-service to ransomware attacks.
Continue reading “Sedona Conference Working Group on Data Security and Privacy Liability Releases Draft Incident Response Guide”