Cybersecurity Newsletter

Funded by the Coastal Node of the Commonwealth Cyber Initiative (COVA CCI), CLCT Cybersecurity and Information Security Newsletter is a monthly publication that highlights cybersecurity-related stories with additional legal analysis. This newsletter aims to explain complex cybersecurity incidents and provide the relevant legal context for all audience levels. Since its first issue, the newsletter has gained additional subscribers from around the world. With the new Virginia Consumer Data Protection Act and a number of cybersecurity-related federal regulations and Executive Orders, the newsletter also serves to inform the audience of significant legal changes that impact the cybersecurity field.

Issue 23


  • President Biden signs an Executive Order to implement a new privacy framework with respect to “Signals” Intelligence

Issue 22


  • New Text-to-Image AI Model allows users to produce pornographic and other controversial content
  • CISA publishes a guide for post-quantum cryptography for critical infrastructure

Issue 21


  • Internet critical infrastructure calls for attention; are undersea cables possible points of failure?
  • The National Credit Union Board proposes cyber incident reporting rules

Issue 20


  • Senate bill aims to implement export controls to protect personal data from unfriendly nations
  • Attorneys serve an anonymous defendant using an NFT

Issue 19


  • New Jersey federal court dismisses lawsuit against TD Bank that alleged its failure to protect against online theft
  • Former employee of a major NFT marketplace charged with wire fraud and insider trading
  • European Council and the European Parliament agree provisionally on an enhanced cybersecurity Directive

Issue 18


  • The Ninth Circuit holds that data scraping of publicly available information does not implicate the CFAA

Issue 17


  • Cyber Incident Reporting for Critical Infrastructure Act of 2022 signed into law

Issue 16


  • The SEC proposes regulations on Cybersecurity Risk Management for Investment Advisers and Companies
  • FBI, NSA, and CISA issue Joint Cybersecurity Advisory alert with respect to State-sponsored Cyber Attacks on Cleared Defense Contractor Networks

Issue 15


  • The Office of Management and Budget publishes Memorandum to set forth a federal Zero Trust Architecture strategy
  • Just-passed Virginia House Bill aims to require mandatory cybersecurity and data breach incident reporting from all state and local government bodies

Issue 14


  • The open source software community and government agencies rush to contain a novel Log4j 2 vulnerability
  • The U.S. Cyberspace Solarium Commission releases white paper focusing on countering disinformation


Issue 13


  • Law enforcement agencies announce the arrest of ransomware suspects and asset forfeiture action
  • Compromised Google Cloud Platform used by threat actors to mine cryptocurrency at others’ expense

Issue 12


  • Police arrest suspect for de-pixelating pornographic videos using AI technology
  • U.S. House Members introduce The Justice Against Malicious Algorithms Act

Issue 11


  • U.S. Department of Justice charges individuals for violating federal export regulations relating to computer hacking
  • Treasury’s Office of Foreign Assets Control publishes updated advisory on ransomware payments

Issue 10


  • TD Bank sued by a customer for failure to protect against online theft
  • Senator Warner introduced legislation to bolster cyber breach notification

Issue 9


  • Threat Actors conduct a series of Supply Chain attacks against Kaseya VSA software to spread ransomware to thousands of businesses
  • NSO Group’s Pegasus spyware allegedly used against non-criminal civilians and journalists worldwide

Issue 8


  • U.S. Supreme Court limits the scope of criminal violation under the Computer Fraud and Abuse Act
  • President Biden signs Executive Order to increase information sharing
  • The Ransomware Task Force issues a comprehensive strategic framework against ransomware

Issue 7


  • Virginia adopts the Consumer Data Protection Act
  • Pennsylvania woman charged with deep fakes cyberbullying

Issue 6


  • President Biden orders multiple U.S. Supply Chain Reviews
  • The SolarWinds hack: SUNSPOT, SUNBURST, and a compromised Office 365 account
  • Hacker Attempted to Control Florida Water Treatment Plant


Issue 5


  • DeFi: High yield and unregulated crypto securities market
  • Microsoft uses Copyright and Trademark Law to combat botnet

Issue 4


  • New Measure of Cyber Power Published: The Belfer National Cyber Power Index 2020
  • Ethereum Classic suffers a third 51% attack in August

Issue 3


  • Police body cameras sold on eBay contain video footage
  • Carnival reported ransomware attack and data breach in SEC filing
  • Blackbaud paid a ransom to mitigate a data breach attack

Issue 2


  • Lawful Access to Encrypted Data Act

Issue 1


  • Security researchers discover eBay is port scanning visitors’ computers
  • A National Security Research Agenda for Cybersecurity and AI
  • External actors motivated by monetary interests drive most breaches (Verizon’s 2020 Data Breach Investigations Report)

This content has been updated on December 1, 2022 at 8:47 pm.