On October 22, 2020, the National Institute of Standards and Technology (“NIST”) published NIST Technical Note (TN) 2111, “An Empirical Study on Flow-based Botnet Attacks Prediction”. The note, authored by Mitsuhiro Hatada and Matthew Scholl of NIST’s Information Technology Laboratory, presents a method to predict botnet attacks, such as mass spam email and distributed denial-of-service
The National Security Agency (NSA) and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint alert warning that, over recent months, hackers have been attempting to target Critical Infrastructure (CI) by exploiting Internet-accessible Operational Technology (OT) assets. The alert notes recently observed tactics from the hackers, including spear phishing and
On July 21, 2020, the New York State Department of Financial Services (NYDFS) filed charges against First American Title Insurance Company (First American) for breach of state cybersecurity regulations. Specifically, NYDFS alleges that First American exposed tens of millions of documents containing consumers’ sensitive personal information, including bank account numbers and statements, mortgage and tax
Last Friday, May 1, the White House signed an executive order prohibiting Federal Agencies and U.S. persons from acquiring, importing, transferring, or installing any bulk power system (“BPS”) equipment in which:
Note: This post was originally posted in our Southeast Financial Litigation Monitor.
Gregory C. Cook & Brandon N. Robinson
The story is becoming all too common. A merchant (or consumer) is convinced to wire money to a fraudulent account because of an incorrect belief that they are wiring the money to the real party.
According to a Bloomberg article posted earlier this morning, the U.S. Health and Human Services Department (“HHS”) suffered a cyber attack on its computer systems Sunday night. The attack appears to have been intended to slow the agency’s systems, but was unable to do so in any meaningful way. Just before midnight, the National Security
In our Southeast Financial Litigation Monitor, our own Lindsey Catlett posts about a recent opinion in Southern Independent Bank vs. Fred’s Inc., in which the Middle District of Alabama denied class certification following a data breach which allegedly affected over 2,000 financial institutions across the country. Southern Independent, a community bank located in south
On July 19, 2018, the Federal Energy Regulatory Commission (FERC) issued a final rule (Order No. 848) directing the North American Electric Reliability Corporation (NERC) to develop and submit modifications to NERC Reliability Standards related to Cyber Security Incident reporting. FERC recognized that, under the current Cyber Security Incident reporting Reliability Standard, incidents are only
On Wednesday, March 28, 2018, the Alabama Data Breach Notification Act of 2018 (SB318) was signed into law by the Governor, making Alabama round out the roster of 50 states with data breach notification laws. (South Dakota’s data breach notification was signed by its governor on March 21, 2018, making it the 49
On February 21, 2018, the Securities and Exchange Commission (SEC) published a release entitled “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” (“Release”). Designed to assist public companies in preparing disclosures concerning cybersecurity risk and incidents, the release expands upon the SEC’s previous guidance in 2011 to emphasize particular areas, including board
