Cybersecurity Newsletter

Click HERE to subscribe!

Funded by the Coastal Node of the Commonwealth Cyber Initiative (COVA CCI), CLCT Cybersecurity and Information Security Newsletter is a monthly publication that highlights cybersecurity-related stories with additional legal analysis. This newsletter aims to explain complex cybersecurity incidents and provide the relevant legal context for all audience levels. Since its first issue, the newsletter has gained additional subscribers from around the world. With the new Virginia Consumer Data Protection Act and a number of cybersecurity-related federal regulations and Executive Orders, the newsletter also serves to inform the audience of significant legal changes that impact the cybersecurity field.

ISSUE #25 – April 21, 2023

  • The White House publishes the 2023 National Cybersecurity Strategy
  • Alibaba’s DAMO Vision Intelligence Lab releases publicly Text-to-Video publication Model

ISSUE #26 – June 12, 2023

  • Google Registry launches new top-level domains—.zip and .mov—raising cybersecurity concerns
  • FBI warns of malicious actors using deepfakes to facilitate
    sextortion schemes

ISSUE #22 – September 27, 2022

  • New Text-to-Image AI Model allows users to produce pornographic and other controversial content
  • CISA publishes a guide for post-quantum cryptography for critical infrastructure

ISSUE #23 – December 1, 2022

  • President Biden signs an Executive Order to implement a new privacy framework with respect to “Signals” Intelligence

ISSUE #24 – February 10, 2023

  • NIST publishes the AI Risk Management Framework
  • Lawsuits commenced against Stability AI for intellectual property infringement

ISSUE #19 – June 14, 2022

  • New Jersey federal court dismisses lawsuit against TD Bank that alleged its failure to protect against online theft
  • Former employee of a major NFT marketplace charged with wire fraud and insider trading
  • European Council and the European Parliament agree provisionally on an enhanced cybersecurity Directive

ISSUE #20 – July 7, 2022

  • Senate bill aims to implement export controls to protect personal data from unfriendly nations
  • Attorneys serve an anonymous defendant using an NFT

ISSUE #21 – August 15, 2022

  • Internet critical infrastructure calls for attention; are undersea cables possible points of failure?
  • The National Credit Union Board proposes cyber incident reporting rules

ISSUE #16 – March 7, 2022

  • The SEC proposes regulations on Cybersecurity Risk Management for Investment Advisers and Companies
  • FBI, NSA, and CISA issue Joint Cybersecurity Advisory alert with respect to State-sponsored Cyber Attacks on Cleared Defense Contractor Networks

ISSUE #17 – April13, 2022

  • Cyber Incident Reporting for Critical Infrastructure Act of 2022 signed into law

ISSUE #18 – May 13, 2022

  • The Ninth Circuit holds that data scraping of publicly available information does not implicate the CFAA

ISSUE #13 – December 6, 2021

  • Law enforcement agencies announce the arrest of ransomware suspects and asset forfeiture action
  • Compromised Google Cloud Platform used by threat actors to mine cryptocurrency at others’ expense

ISSUE #14 – January 14, 2022

  • The open source software community and government agencies rush to contain a novel Log4j 2 vulnerability
  • The U.S. Cyberspace Solarium Commission releases white paper focusing on countering disinformation

ISSUE #15 – February 7, 2022

  • The Office of Management and Budget publishes Memorandum to set forth a federal Zero Trust Architecture strategy
  • Just-passed Virginia House Bill aims to require mandatory cybersecurity and data breach incident reporting from all state and local government bodies

ISSUE #10 – September 14, 2021

  • TD Bank sued by a customer for failure to protect against online theft
  • Senator Warner introduced legislation to bolster cyber breach notification

ISSUE #11 – October 11, 2021

  • U.S. Department of Justice charges individuals for violating federal export regulations relating to computer hacking
  • Treasury’s Office of Foreign Assets Control publishes updated advisory on ransomware payments

ISSUE #12 – November 8, 2021

  • Police arrest suspect for de-pixelating pornographic videos using AI technology
  • U.S. House Members introduce The Justice Against Malicious Algorithms Act

ISSUE #7 – April 22, 2021

  • Virginia adopts the Consumer Data Protection Act
  • Pennsylvania woman charged with deep fakes cyberbullying

ISSUE #8 – June 30, 2021

  • U.S. Supreme Court limits the scope of criminal violation under the Computer Fraud and Abuse Act
  • President Biden signs Executive Order to increase information sharing
  • The Ransomware Task Force issues a comprehensive strategic framework against ransomware

ISSUE #9 – September 14, 2021

  • Threat Actors conduct a series of Supply Chain attacks against Kaseya VSA software to spread ransomware to thousands of businesses
  • NSO Group’s Pegasus spyware allegedly used against non-criminal civilians and journalists worldwide

ISSUE #4 – October 6, 2020

  • New Measure of Cyber Power Published: The Belfer National Cyber Power Index 2020
  • Ethereum Classic suffers a third 51% attack in August

ISSUE #5 – December 15, 2020

  • DeFi: High yield and unregulated crypto securities market
  • Microsoft uses Copyright and Trademark Law to combat botnet

ISSUE #6 – March 9, 2021

  • President Biden orders multiple U.S. Supply Chain Reviews
  • The SolarWinds hack: SUNSPOT, SUNBURST, and a compromised Office 365 account
  • Hacker Attempted to Control Florida Water Treatment Plant

ISSUE #1 – July 1, 2020

  • Security researchers discover eBay is port scanning visitors’ computers
  • A National Security Research Agenda for Cybersecurity and AI
  • External actors motivated by monetary interests drive most breaches (Verizon’s 2020 Data Breach Investigations Report)

ISSUE #2 – August 3, 2020

  • Lawful Access to Encrypted Data Act

ISSUE #3 – September 3, 2020

  • Police body cameras sold on eBay contain video footage
  • Carnival reported ransomware attack and data breach in SEC filing
  • Blackbaud paid a ransom to mitigate data breach attack