National Security & Digital Crimes

CISA Releases Advisory Concerning Chinese-Backed Threat Actor

October 9, 2023 By Kim Peretti

On September 27, 2023, The U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a joint cybersecurity advisory (CSA) concerning the recent activity of […]

New York Continues to Focus on Companies’ Data Security Practices

October 6, 2023 By Kim Peretti and Kristen Bartolotta

New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of deletion of the stolen data. Most recently, on October 5, 2023 the Office of the Attorney General (OAG) announced a $49.5 […]

Penn State University Hit With False Claims Act Suit for Alleged Cyber Security Deficiencies

September 25, 2023 By Privacy, Cyber & Data Strategy Team

On September 1, 2023, the U.S. District Court for the Eastern District of Pennsylvania unsealed a qui tam False Claims Act (“FCA”) lawsuit (originally filed on October 5, 2022) alleging Penn State University failed to provide “adequate security” for Covered Defense Information, as contractually required by Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.204-7012. DFARS requires […]

Chinese Hackers Exploit Gap in Cloud Environment Used by U.S. Government

July 20, 2023 By Kristen Bartolotta and Privacy, Cyber & Data Strategy Team

According to recent reports issued by Microsoft and U.S. government agencies, hackers recently exploited a gap in Microsoft’s cloud environment, enabling the malicious actors to access the email accounts of employees at the United States Commerce and State Departments. Including the U.S. government, around 10 organizations were victimized in the U.S. and about 25 were […]

CL0P Ransomware Gang’s Exploitation of MOVEit Vulnerability: What It Means for Companies

June 12, 2023 By Kim Peretti, Alysa Austin and Lance Taubin

On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously undetected) vulnerability in Progress Software’s managed file transfer software (MOVEit Transfer), exploited by the CL0P ransomware group. CL0P publicly claimed responsibility for exploiting the […]