Information security laws, investigations and ethics
Get news, advice and commentary on information security laws such as the CFAA, CAN-SPAM and CALEA. Learn about information security legislation, ethical vulnerability disclosure, digital surveillance laws and more.
Top Stories

- Tip, 28 Aug 2023: Should companies make ransomware payments?
  Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying.
- Tip, 14 Aug 2023: How to create a ransomware incident response plan
  A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started.
- Definition, 30 Nov 2023: wiretapping
  Wiretapping is the surreptitious electronic monitoring and interception of phone-, fax- or internet-based communications.
- Definition, 16 Feb 2023: E-Sign Act (Electronic Signatures in Global and National Commerce Act)
  The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.
- Definition, 20 Dec 2021: copyright
  Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs.
- Definition, 24 Nov 2021: black hat hacker
  The term black hat hacker has historically been used to describe someone with malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.
- News, 29 Oct 2021: Europol 'targets' 12 suspects in ransomware bust
  Europol has not said whether the suspected ransomware actors were arrested or detained, but the 12 were allegedly involved in attacks that affected 1,800 victims in 71 countries.
- News, 20 Oct 2021: Gartner analysts debate ransomware payments
  During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give in to ransom demands.
- News, 18 Oct 2021: FinCEN: 2021 ransomware activity outpaces 2020 in 6 months
  The U.S. Treasury's financial crimes bureau has seen a rise in anonymity-enhanced cryptocurrencies like Monero, though Bitcoin remains the most used.
- Quiz, 30 Sep 2021: 10 CIPP/US practice questions to test your privacy knowledge
  Advance your privacy career by becoming a Certified Information Privacy Professional. Use these 10 practice questions from Wiley's IAPP CIPP/US study guide to prepare for the exam.
- Feature, 30 Sep 2021: How to prepare for the CIPP/US exam
  The co-authors of a CIPP/US study guide offer advice on the IAPP certification, including career benefits, how to prepare and how the U.S. exam differs from other regions' exams.
- News, 29 Sep 2021: Group-IB CEO Ilya Sachkov charged with treason in Russia
  Group-IB maintains the innocence of CEO and founder Ilya Sachkov and said that co-founder and CTO Dmitry Volkov will assume leadership of the company.
- News, 24 Sep 2021: Cybersecurity leaders back law for critical infrastructure
  In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA.
- News, 21 Sep 2021: Treasury Department sanctions cryptocurrency exchange Suex
  In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments.
- News, 20 Sep 2021: Italian Mafia implicated in massive cybercrime network
  A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob.
- Definition, 17 Sep 2021: email spam
  Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
- News, 16 Sep 2021: ExpressVPN stands behind CIO named in UAE hacking scandal
  ExpressVPN said it will not cut ties with CIO Daniel Gericke, who was implicated by the DOJ in state-sponsored hacking on behalf of the United Arab Emirates government.
- News, 31 Aug 2021: SEC sanctions financial firms for cybersecurity failures
  Three financial services firms were charged with failing to implement proper cybersecurity policies after cyber attacks led to the exposure of customer data.
- Feature, 11 Aug 2021: The differences between open XDR vs. native XDR
  With extended detection and response, security teams get improved threat analytics and response capabilities. Here's what they need to know to choose the right type of XDR.
- Definition, 05 Aug 2021: cyberstalking
  Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital means, such as social media, email, instant messaging (IM) or messages posted to a discussion group or forum.
- News, 22 Jul 2021: US Senate mulling bill on data breach notifications
  The Senate Intelligence Committee introduced a bill that would require federal agencies and companies providing critical infrastructure to report network breaches to DHS.
- News, 21 Jul 2021: U.K. man arrested in connection with 2020 Twitter breach
  A 22-year-old U.K. resident was arrested in Spain and will face extradition on charges related to a social engineering operation that netted big-name Twitter accounts.
- News, 19 Jul 2021: US charges members of APT40, Chinese state-sponsored group
  The Department of Justice accused four Chinese nationals of hacking into a variety of businesses between 2011 and 2018 to steal trade secrets and other valuable data.
- News, 30 Jun 2021: European police lay siege to hacker haven DoubleVPN
  An international law enforcement operation shut down DoubleVPN, a Dutch-hosted service that had provided low-cost, underground anonymizing services to cybercriminals.
- News, 30 Jun 2021: Alleged creator of Gozi banking Trojan arrested in Colombia
  Romanian Mihai Ionut Paunescu, known as 'Virus,' was charged with two other supposed creators of the Gozi malware back in 2012, but Paunescu is the only one not to be extradited.
- News, 16 Jun 2021: 6 suspected Clop ransomware gang members arrested in Ukraine
  The impact of the arrests is unknown, as Clop's ransomware leak site remains online after the arrests. The scale of the gang's current operation is also unknown.
- News, 11 Jun 2021: Securolytics COO charged in Georgia hospital cyber attack
  Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system.
- Podcast, 10 Jun 2021: Risk & Repeat: Colonial Pipeline CEO grilled by Congress
  Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack.
- News, 08 Jun 2021: FBI used encrypted Anom app in international crime bust
  The FBI secretly ran an encrypted chat network that included 12,000 devices and was widely used by criminal organizations across the globe for various illegal dealings.
- News, 08 Jun 2021: FBI seized Colonial Pipeline ransom using private key
  After Colonial Pipeline paid a $4.4 million ransom demand in last month's attack, the DOJ announced the majority of the funds have been retrieved by the FBI.
- News, 07 Jun 2021: DOJ charges alleged Trickbot developer
  Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft.
- Feature, 07 Jun 2021: Hackers vs. lawyers: Security research stifled in key situations
  The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks.
- Feature, 03 Jun 2021: How to handle social engineering penetration testing results
  In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks.
- Feature, 03 Jun 2021: How to ethically conduct pen testing for social engineering
  Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career.
- Definition, 27 May 2021: National Security Agency (NSA)
  The National Security Agency (NSA) is a federal government intelligence agency that is part of the United States Department of Defense and is managed under the authority of the director of national intelligence (DNI).
- Definition, 21 May 2021: hacktivism
  Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
- News, 18 May 2021: Attorneys share worst practices for data breach response
  Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021.
- News, 07 May 2021: 'Bulletproof' hosts catch RICO charges for aiding cybercriminals
  Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations.
- Podcast, 30 Apr 2021: Risk & Repeat: Will the Ransomware Task Force make an impact?
  The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work?
- News, 29 Apr 2021: Ransomware Task Force takes aim at cryptocurrencies
  The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services.
- Feature, 15 Apr 2021: Nation-state hacker indictments: Do they help or hinder?
  While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks.
- News, 18 Mar 2021: FBI IC3 report's ransomware numbers are low, experts say
  The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say.
- Podcast, 26 Feb 2021: Risk & Repeat: Inside the SolarWinds Senate hearing
  This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.
- News, 17 Feb 2021: DOJ indicts additional WannaCry conspirators
  The unsealed indictments accuse three individuals of being part of a hacking group, known as APT38 or Lazarus Group, within a North Korean military intelligence agency.
- Podcast, 17 Feb 2021: Risk & Repeat: SolarWinds and the hacking back debate
  This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.
- News, 08 Feb 2021: Microsoft, SolarWinds in dispute over nation-state attacks
  The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment.
- News, 28 Jan 2021: DOJ charges suspect in NetWalker ransomware attacks
  The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.
- News, 27 Jan 2021: Emotet taken down in global law enforcement operation
  Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified.
- News, 10 Dec 2020: HHS proposes changes to HIPAA privacy rule
  HHS wants to modify the HIPAA privacy rule to encourage better care coordination and make it easier for patients to access their health data.
- News, 19 Nov 2020: White House questions election security; experts do not
  A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.
- News, 21 Oct 2020: Microsoft: 94% of Trickbot's infrastructure disabled
  In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.
- News, 20 Oct 2020: After a brief pause, Trickbot rebounds from takedown efforts
  Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.
- News, 13 Oct 2020: Trickbot takedown: Will it make a dent in ransomware attacks?
  A court order allowed Microsoft and several partners to take down the Trickbot botnet, which is commonly used to deploy ransomware, but it's unclear how long the impact will last.
- News, 08 Oct 2020: Should ransomware payments be banned? Experts weigh in
  Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate over whether ransomware payments should be banned.
- News, 01 Oct 2020: Potential ransomware-related death still under investigation
  German authorities say they are still investigating the death of a patient in connection with a ransomware attack on Düsseldorf University Hospital in Germany last month.
- Feature, 24 Sep 2020: CMMC requirements set to ripple throughout DOD supply chain
  The Department of Defense's CMMC requirements target defense contractors, but organizations throughout the DOD supply chain -- and beyond -- are prepping for the standards.
- Guest Post, 09 Sep 2020: Best practices for ethically teaching cybersecurity skills
  Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry.
- News, 31 Aug 2020: The Uber data breach cover-up: A timeline of events
  The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach.
- News, 15 Jul 2020: Advent, Forescout bury the hatchet with new acquisition deal
  Despite an ugly legal dispute and allegations of channel stuffing, Advent International and Forescout Technologies are moving forward with an amended acquisition agreement.
- News, 16 Apr 2020: Hackers embrace cryptocurrency laundering to evade the law
  Cybercriminals are turning to cryptocurrency laundering methods to hide illicit proceeds as law enforcement agencies find success in tracing bitcoin transactions.
- Opinion, 12 Mar 2020: The future of facial recognition after the Clearview AI data breach
  The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition?
- Tip, 11 Mar 2020: Updating the data discovery process in the age of CCPA
  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.
- News, 11 Mar 2020: Microsoft leads takedown of Necurs botnet
  Microsoft, BitSight and other partners used legal and technical steps to take control of one of the largest botnets in the world, which had infected more than 9 million systems.
- News, 04 Mar 2020: Should ransomware payments be insurable? Experts weigh in
  Ransomware payments are insurable, but should they be? Several experts weighed in on the question, and the effect of cyberinsurance, during RSA Conference 2020.
- News, 27 Feb 2020: CrowdStrike founder: China hacking indictments are working
  During his RSA Conference keynote, CrowdStrike co-founder Dmitri Alperovitch explains why the U.S. Department of Justice's indictments against Chinese hackers have been effective.
- News, 05 Dec 2019: DOJ takes action against Dridex malware group, Evil Corp
  The U.S. Justice Department indicts two alleged members of the Russian threat group behind the Dridex banking Trojan, known as Evil Corp, and offers a $5 million bounty.
- News, 04 Dec 2019: NSS Labs drops antitrust suit against AMTSO, Symantec and ESET
  NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a contentious legal battle in the endpoint security market.
- News, 21 Nov 2019: Ohio builds 'Cyber Reserve' to combat cyberattacks
  Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks.
- News, 14 Nov 2019: InfoTrax settles FTC complaint, will implement infosec program
  InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program.
- News, 30 Oct 2019: Imperva CEO steps down following breach investigation
  Chris Hylen unexpectedly stepped down as CEO of Imperva in the wake of a data breach involving cloud WAF customer data, though it's unclear if the two events are connected.
- Answer, 29 Oct 2019: What are the roles and responsibilities of a liaison officer?
  While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response.
- Feature, 28 Oct 2019: How the future of data privacy regulation is spurring change
  Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape.
- Podcast, 04 Oct 2019: Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike
  This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference.
- News, 03 Oct 2019: Zendesk breach in 2016 affected 10,000 customers
  Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details.
- News, 01 Oct 2019: Bulletproof host raided in former NATO bunker
  German authorities arrested seven in a raid on bulletproof hosting company CyberBunker -- which was housed in a former NATO bunker -- for allegedly hosting dark web marketplaces.
- News, 27 Sep 2019: New York files lawsuit over Dunkin' breach response
  The New York attorney general filed a lawsuit against Dunkin' Brands regarding attacks dating back to 2015 and alleges the company failed to respond or notify victims properly.
- Feature, 26 Sep 2019: Top tips for using the Kali Linux pen testing distribution
  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.
- News, 25 Sep 2019: Trump pushes debunked DNC hack conspiracy in call with Ukraine
  In a call with the Ukrainian president that is now the focus of an impeachment inquiry, President Trump discussed CrowdStrike and asked for help with finding a 'server.'
- News, 10 Sep 2019: DerbyCon session tackles cyber attribution, false flag attacks
  One expert showed the crowd at DerbyCon that proper attribution of a cyberattack requires multiple indicators in order to avoid being fooled by a false flag attempt.
- News, 29 Aug 2019: Suspect in Capital One breach indicted for additional intrusions
  The alleged Capital One hacker, Paige Thompson, was charged with additional counts of fraud and abuse for stealing data from more than 30 other organizations.
- News, 02 Aug 2019: Capital One breach suspect may have hit other companies
  History from a Slack channel run by the Capital One data breach suspect points to data stolen from more organizations, but no evidence of other attacks has been found yet.
- News, 29 Jul 2019: Untangling GDPR fines with Synopsys' Tim Mackey
  Tim Mackey of Synopsys tries to clear up some of the mystery around how GDPR regulators determine the fines levied on companies for major data breaches or privacy violations.
- News, 24 Jul 2019: Citrix breach blamed on poor password security
  An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen.
- News, 22 Jul 2019: Equifax to pay up to $700 million in data breach settlement
  Under the settlement with the FTC and state attorneys general, Equifax will fork over at least $575 million in civil penalties and provide credit monitoring services to consumers.
- News, 16 Jul 2019: Experts: Facebook fine by FTC should be wake-up call for all
  Facebook will reportedly be hit with a $5 billion fine by the FTC following an investigation into multiple privacy issues, and experts said other enterprises should take note.
- News, 09 Jul 2019: British Airways security incident garners record GDPR fine
  The ICO plans to levy a record GDPR fine of nearly $230 million against British Airways for a security incident that led to 500,000 customers having their data compromised.
- News, 03 Jul 2019: FTC settles lawsuit over D-Link security claims
  D-Link settled a U.S. Federal Trade Commission lawsuit, which alleged the company failed to take basic steps to address security flaws and weaknesses in its products.
- News, 02 Jul 2019: Huawei ban may be loosened, but details unclear
  President Donald Trump promised to loosen trade restrictions on Huawei, while respecting national security concerns, but the details of the changes are still unclear.
- Feature, 24 May 2019: Compliance rules usher in new era for personal data privacy policy
  With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information.
- News, 16 May 2019: New executive order moves to ban Huawei
  U.S. businesses are barred from dealing with Huawei following an executive order from the White House and the additions of Huawei and its affiliates to a trade blacklist.
- Feature, 15 May 2019: Women in cybersecurity work to grow voice in US lawmaking
  To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress.
- News, 10 May 2019: Symantec CEO Greg Clark unexpectedly steps down
  Cybersecurity giant Symantec is searching for a new CEO once again after Greg Clark unexpectedly resigned from the vendor after three years at the helm.
- News, 22 Apr 2019: Marcus 'MalwareTech' Hutchins pleads guilty to Kronos charges
  Marcus 'MalwareTech' Hutchins, known as being an integral player in stopping the WannaCry ransomware outbreak, pleads guilty to conspiring to create and distribute the Kronos banking Trojan.
- News, 08 Apr 2019: Data breach legislation proposes jail time for CIO, HR execs
  Sen. Elizabeth Warren takes a swing at corporate negligence in new legislation that may create jail risk for the C-suite. The bill is unlikely to advance, however.
- Podcast, 08 Feb 2019: Risk & Repeat: Apple restores enterprise certificates for Facebook, Google
  This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity.
- Feature, 01 Feb 2019: CISO tackles banking cybersecurity and changing roles
  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.
- Tip, 31 Jan 2019: How to comply with the California privacy act
  Organizations that handle California consumer data have a year to comply with CCPA. Expert Steven Weil discusses what enterprises need to know about the California privacy law.
- News, 22 Jan 2019: DNC lawsuit claims Russian hackers attacked again after midterms
  A Democratic National Committee lawsuit regarding Russian cyberattacks in the lead-up to the 2016 election now also claims Russia attacked DNC systems after the 2018 midterms.
- News, 11 Jan 2019: Kaspersky Lab aided NSA hacking tools investigation
  News roundup: According to a new report from Politico, Kaspersky Lab aided the NSA in catching alleged data thief Harold Martin. Plus, telecoms are selling customer data, and more.
- News, 28 Dec 2018: Government data requests rise, as does Apple's compliance
  Apple's latest Transparency Report shows government data requests on the rise around the world, as is Apple's compliance in providing the data being requested by law enforcement.