On May 7, 2024, the United States unsealed an indictment against Dmitry Yuryevich Khoroshev, one of the leaders of the Russian-based ransomware group LockBit, for his alleged involvement in developing and distributing the LockBit ransomware. … [Read more] about LockBit Takedown Indicates Shifting DOJ Cyber Strategy and Has Implications for Ransomware Victims
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the core components of CSF … [Read more] about NIST Cybersecurity Framework 2.0 Prioritizes Governance and Flexibility
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, … [Read more] about CISA Posts Notice of Proposed Rulemaking Under CIRCIA
On March 29, 2024, the Federal Trade Commission (the “FTC”) published a unanimous decision to deny an application by the Entertainment Software Rating Board, Yoti, and SuperAwesome (collectively, the “Applicants”) to add a new verifiable parental … [Read more] about FTC Denies an Application to Add a New Verifiable Parental Consent Mechanism Under COPPA Rule Without Prejudice
On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data protection laws (the … [Read more] about China Releases Updated Regulations on Permits Needed for Transferring Data out of China