A new group of Intel vulnerabilities, collectively called Microarchitecture Data Sampling (MDS), were disclosed last week. The vulnerabilities allow attackers to steal data as processes run on most machines using Intel chips. The vulnerabilities affect nearly every Intel processor released in the past decade and may be especially dangerous in multi-user environments like virtualized servers in data centers.
The BSA Framework for Secure Software tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.
The work that Thomas Peyrin and his colleague, Gaetan Leurent, have done goes far beyond just proving SHA-1 chosen-prefix collision attacks are theoretically possible. They show that such attacks are now cheap and in the budget of cybercrime and nation-state attackers.
When an acquirer does not protect itself against a data lemon and seek sufficient information about the target’s data privacy and security compliance, the acquirer may be left with a data lemon.
In 2017, global mobile devices and connections grew to 8.6 billion, and it is estimated that global mobile device traffic will reach almost one zettabyte annually by 2022. These mobile-centric data points coupled with the fact that 85% of criminal investigations include some form of digital data highlight the importance for data and legal discovery practitioners to have a working understanding of how the global law enforcement community considers digital data and devices in their investigative efforts.