This week on Cyber Matters, Tanner Wilburn, Katherine Kennelly, and Zach Smith begin with Google's decision to end its plans to ban third-party cookies, discussing the implications for user privacy and online advertising.

They then explore recent developments in the cybersecurity industry, including Google's failed acquisition of Israeli cybersecurity company Wiz and Mimecast's successful acquisition of Code 42. They also discuss Apple's warnings to Indian iPhone users about potential "mercenary spyware" attacks and the legal brief filed by major tech firms supporting a journalist targeted by NSO Group's spyware.

They cover KnowBe4's inadvertent hiring of a North Korean hacker and the potential reporting obligations for companies following the recent Crowdstrike outages. The podcast also touches on the FTC's not-so-new guidance on hashing and anonymization, as well as their investigation into "surveillance pricing" practices.

State privacy laws are discussed, with a focus on Colorado's universal opt-out shortlist and a recent BIPA decision regarding Samsung's face-scanning feature. The hosts also cover recent fines and settlements involving Meta, Oracle, and TracFone related to various privacy and data protection violations.

If you enjoy the show, share and leave us 5 stars!

Links from the show:

https://www.linkedin.com/company/cyber-matters-podcast/

https://www.cooley.com/news/insight/2024/2024-07-22-sec-reporting-implications-for-publicly-traded-companies-impacted-by-crowdstrike-defective-software-update

https://www.techtarget.com/whatis/feature/AI-lawsuits-explained-Whos-getting-sued

https://www.lawfaremedia.org/article/lawfare-podcast-orin-kerr-and-asaf-lubin-apple-v-nso-group

This week on Cyber Matters, Tanner Wilburn and Katherine Kennelly begin with the widespread outages caused by a CrowdStrike update, discussing the implications for IT practices and the importance of testing updates before deployment.

They then explore the dismissal of most of the SEC's lawsuit against SolarWinds and its former CISO, Timothy Brown. They provide background on the SolarWinds Orion software compromise and analyze the court's decision, particularly highlighting the setback for the SEC's authority in cybersecurity regulation.

In data breach news, they discuss the arrest of a suspected Scattered Spider hacker in the UK and the ongoing costs of the Change Healthcare ransomware attack for UnitedHealth. They also cover a class-action lawsuit against a law firm related to a data breach.

The podcast touches on allegations that AWS leased infrastructure to NSO Group, known for its controversial spyware. They also discuss a lawsuit against Patagonia for alleged violations of California privacy law from 1967 and explore the broader trend of CIPA litigation.

In AI news, the hosts cover updated USPTO guidance for AI-related patent applications and Meta's decision not to offer future multimodal AI models in the EU. The episode concludes with a brief mention of Google's potential $23 billion acquisition of cybersecurity startup Wiz.

Linkedin: https://www.linkedin.com/company/cyber-matters-podcast/

A breakdown of USPTO Guidance: https://www.intellectualpropertylawblog.com/archives/uspto-issues-ai-subject-matter-eligibility-guidance/

This week on Cyber Matters, host Tanner Wilburn and guests Katherine Kennelly and Zach Smith cover a wide range of cybersecurity, privacy, and technology law topics. They begin with a discussion of AT&T's massive data breach disclosure, highlighting the company's use of SEC guidance on cybersecurity incident reporting and the involvement of the Department of Justice in delaying public disclosure.

The hosts then explore the ongoing fallout from the MOVEit breach one year later, using it as a case study to anticipate potential consequences for Snowflake's recent data breach. They discuss the legal and financial implications for Progress Software, the company behind MOVEit.

CISA Director Jen Easterly's recent comments on ransomware payments are examined, along with the broader debate on whether to ban such payments. The hosts also delve into CISA's proposed Cyber Incident Reporting for Critical Infrastructure Act regulations and industry reactions.

In regulatory news, they cover the 6th Circuit's stay on the FCC's net neutrality rules and provide historical context for the ongoing debate over internet regulation. The podcast touches on several Big Tech stories, including OpenAI's "Strawberry" project, Microsoft's board seat changes at OpenAI, and Apple's antitrust maneuvers in the EU.

The hosts discuss Meta's relaxation of restrictions on former President Trump's social media accounts and the potential implications of the Supreme Court's SEC v. Jarkesy decision on Meta's dispute with the FTC. They also cover the official publication of the EU AI Act and its significance for businesses operating in Europe.

National security topics include expanded U.S. Treasury reviews of foreign real estate purchases near military bases, Microsoft's potential investment in UAE's G42 AI firm, and updates on TikTok-related legislation. The hosts also discuss a new software supply chain security bill and Germany's decision to phase out Huawei and ZTE components in 5G infrastructure.

The episode concludes with updates on Pennsylvania's amended data breach notification law and a local ransomware attack affecting Monroe County, Indiana.

LinkedIn Page:

https://www.linkedin.com/company/cyber-matters-podcast

Ransomware Resources:

https://www.lawfaremedia.org/article/ofac-the-ransomware-gangs#:~:text=In%20a%20nutshell%2C%20OFAC%20can,in%20other%20words%2C%20ransomware%20gangs.

https://securityandtechnology.org/virtual-library/memo/roadmap-to-potential-prohibition-of-ransomware-payments/