Discerning Data Cyber Vulnerability Alert: Log4j

According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library.

Read the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)’s guidance on the Log4j vulnerability here.

New York Department of Financial Services Issues New Guidance on Multi-Factor Authentication and Cybersecurity Frameworks

With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor Authentication (MFA) and cybersecurity frameworks.

On December 7, 2021, NYDFS issued a formal Industry Letter entitled Guidance on Multi-Factor Authentication. According to the Industry Letter, MFA “is an essential part of cybersecurity hygiene . . . which is why it was one of the few technical controls explicitly required by” the NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (the Cybersecurity Regulation). However, the Industry Letter goes on to note that “MFA weaknesses are the most common cybersecurity gap exploited at financial services companies,” most often due to MFA “being absent, not fully implemented, or configured improperly.” Specifically, NYDFS noted that, from January 2020 to July 2021, more than 18.3 million consumers were impacted by cybersecurity incidents reported to NYDFS that were linked to an MFA failure.

Feds Hope to Tighten Timeline for Agency Reporting of Cyberattacks as Congress Debates Federal Data Breach Notification Law

On December 6, 2021, in the Memorandum for the Heads of Executive Departments and Agencies, the Office of Management and Budget took a more aggressive position on strengthening the nation’s cybersecurity posture. Under this memorandum, federal agencies are now mandated to report “major” cyberattacks within one hour of discovery to the Cybersecurity and Infrastructure Security Agency (CISA) and to the Office of Management and Budget (OMB). It also directed that affected agencies update reports within one hour of determining that an already-reported incident is “major.”

OFAC Issues Sanctions Compliance Guidance for Virtual Currencies

In October, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published new guidance for the virtual currency industry focusing on compliance with the financial industry’s obligations related to U.S. economic sanctions.

OFAC administers and enforces economic sanctions against targeted and/or sanctioned foreign countries, geographic regions, entities, and individuals to further U.S. foreign policy and national security goals.

As noted in the new guidance, virtual currencies are now playing an increasingly prominent role in the global economy. The growing relevance of virtual currency, both as an investment and as a payment method, brings greater exposure to sanctions risks. Specifically, there is an increased risk that a sanctioned entity or an entity in a jurisdiction subject to sanctions might use virtual currency as an alternative to fiat currency in an effort to avoid U.S. sanctions. As such, the OFAC guidance specifically targets technology companies, virtual currency exchanges, virtual currency administrators, virtual miners, digital currency wallet providers, and users.

Faegre Drinker on Law and Technology Podcast: A Primer on Cryptocurrency

When it comes to cryptocurrency, questions abound: What can you purchase with crypto? How can you buy it? Is crypto a passing fad or an innovation that will stand the test of time? In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Faegre Drinker’s Jeffrey Blumberg and former Orange County District Attorney Rahul Gupta, a cybercrime prosecutor with experience in cryptocurrency criminal litigation, to talk all things cryptocurrency.

NIST Releases New “Cybersecurity Framework Profile for Ransomware Risk Management” to Battle Growing Threat of Ransomware Attacks

Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or infrastructure, the attacker demands a ransom. This creates a dilemma for organizations — the decision to pay the ransom, relying on the attacker to release the data as they say, or to reject the ransom demand and try to restore the data or operations on their own.

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.