Emerging Threats: Cyber Attacks and Side-Channel Evolution


December 15, 2022

Volume XII, Number 349

– Emerging Threats: Cyber Attacks and Side-Channel Evolution by: Iliana L. Peters and Colin H. Black

December 12, 2022


“Side-Channel” attacks generally refer to a type of criminal cyber attacker activity that exploits vulnerabilities so that the attacker can collect and analyze “leakage” of data from a device, as a means to identify certain operations occurring within the device.

While the attackers perpetrating these types of exploits remain sophisticated, certain technologies now used by attackers make such activities much easier. Entities should consider whether they could fall victim to these types of attacks, particularly entities that must comply with HIPAA, NIST, ISO or other compliance requirements, including those observing FIPS 140-3.

How These Attacks Work

As noted, Side-Channel attacks refer to attacks that exploit vulnerabilities related to the data “leakage” from an electronic device. The data “leakage” may be information about acoustics, optics, cache or memory table read operations, power analysis, or other artifacts resulting from the functions of the device.

For these purposes, think of Hollywood’s portrayal of safecracking. In those movies, the master safe-cracker does not need to know the combination to open the safe; rather, they listen for movement within the mechanisms of the lock itself. When they hear the audible “click” of a tumbler (or more realistically, a certain “pattern” of clicks), they can deduce the combination to the lock based on acoustic “leakage” from the safe. Similarly, in Side-Channel attacks, instead of listening for tumbler clicks, the attacker might “listen” for changes in device functions.

For example, an attacker could feasibly observe small changes in power consumption or electromagnetic field analysis and use such information to make certain inferences about what the device may be doing. In a more famous context, certain consumer desktop processors contained a flaw that allowed an attacker to use data from speculative execution to access the contents of privileged memory (i.e., “Spectre” and “Meltdown” attacks).
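The safecracking analogy above can be checked in code. The following is an added example, not part of the original article: it models "leakage" as the number of steps a comparison routine performs (a stand-in for time or power draw, which is an assumption of this sketch) and tests whether that observable depends on secret data. The function names, the sample combination, and the guesses are constructed for illustration.

```python
import hmac

def leaky_equal(secret: bytes, guess: bytes):
    """Early-exit comparison: stops at the first wrong byte.
    Returns (equal, steps); steps models the observable "click" count."""
    steps = 0
    if len(secret) != len(guess):      # length is treated as public here
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps        # work done reveals the matching prefix
    return True, steps

def constant_time_equal(secret: bytes, guess: bytes):
    """Hardened comparison: always touches every byte, no data-dependent exit."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for s, g in zip(secret, guess):
        steps += 1
        diff |= s ^ g                  # accumulate differences, decide at the end
    return diff == 0, steps

def leakage_profile(compare, secret, guesses):
    """Observable step count for each guess."""
    return {g: compare(secret, g)[1] for g in guesses}

def leaks(compare, secret, guesses):
    """True if wrong guesses produce different observables, meaning the
    routine's behaviour depends on the secret and can be told apart."""
    observed = {compare(secret, g)[1] for g in guesses if g != secret}
    return len(observed) > 1

# Constructed sample data: a 4-digit "combination" and wrong guesses with
# 0, 1, 2 and 3 correct leading digits.
SECRET = b"4729"
GUESSES = [b"0000", b"4000", b"4700", b"4720"]

def audit():
    """Run the leak check against both routines."""
    return {
        "leaky": leaks(leaky_equal, SECRET, GUESSES),
        "hardened": leaks(constant_time_equal, SECRET, GUESSES),
    }

if __name__ == "__main__":
    print(leakage_profile(leaky_equal, SECRET, GUESSES))
    print(leakage_profile(constant_time_equal, SECRET, GUESSES))
    print(audit())
    # Production code should use the standard library's constant-time compare:
    print(hmac.compare_digest(SECRET, b"4729"))
```

The hardened routine does the same amount of work for every wrong guess, so the observable no longer tracks the secret; this is the property "Side-Channel resistance" refers to for comparison code.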

Why Side-Channel Attacks Are in the News

As noted, Side-Channel attacks are not novel. However, certain technologies are making them more viable for a determined attacker.

For example, the writers of a 2020 paper used pattern recognition to break a fairly strong encryption. If attackers can obtain certain tools, they can undertake similar and more sophisticated attacks as well. Unfortunately, most current encryption methods are not designed to resist these types of attacks.

Will this Affect Your Entity?

To date, we have not yet seen malicious “Exploitation-as-a-Service” options offered by cyber attackers, as we have seen with ransomware and other types of cyber-attacks. However, sophisticated cyber attackers may begin to leverage these tools more in the near future. Relatedly, as these tools improve, cyber attackers may begin to offer their services to other criminals as well, to proliferate these types of attacks, including through “man-in-the-middle” attacks and those involving transmitters.

Entities involved in essential or critical infrastructure industries (including organizations involved in communications, energy, emergency services, commercial facilities, financial services, health care and information technology) should understand these types of threats, and their vulnerability to them. For example, from a risk management perspective, organizations should identify risk in order to appropriately mitigate, outsource, or accept it. NIST identified “Side-Channel resistance” as one of the primary criteria for cryptography standardization.

The renewed interest in Side-Channel attacks through machine learning and mid to long range communication technologies should serve as an early warning for organizations that have a low tolerance for cyber risk.

As is common with new exploits, we expect that the most interesting applications will affect the victims of advanced persistent threats (“APTs”) first and will advance to the general stream of private industry and criminality as accessibility and profitability improve.
