placeholder

A Warship on the Network? A New Cybersecurity Challenge

Similar to wardriving, when you cruise a neighborhood scouting for Wi-Fi networks, warshipping allows a hacker to remotely infiltrate corporate networks by simply hiding inside a package a remote-controlled scanning device designed to penetrate the wireless network–of a company or the CEO’s home–and report back to the sender.

placeholder

Equifax to Pay $575 Million as Part of 2017 Data Breach Settlement

“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

placeholder

Weaponizing Security? The Emerging Role of the CISO in eDiscovery

The role of the Chief Information Security Officer (CISO) is becoming the norm in eDiscovery companies as these companies grow their client base and venture into compliance and data breach prevention services. In fact, one industry expert sees the CISO role also being weaponized to support the sales function during client discussions about security.

placeholder

A Security Cause to Pause: The Microarchitectural Data Sampling (MDS) Vulnerability

A new group of Intel vulnerabilities, collectively called Microarchitecture Data Sampling (MDS), were disclosed last week. The vulnerabilities allow attackers to steal data as processes run on most machines using Intel chips. The vulnerabilities affect nearly every Intel processor released in the past decade and may be especially dangerous in multi-user environments like virtualized servers in data centers.

placeholder

BSA Releases Framework for Secure Software

The BSA Framework for Secure Software tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.

placeholder

A Practical and Looming Danger? SHA-1 Collision Attacks

The work that Thomas Peyrin and his colleague, Gaetan Leurent, have done goes far beyond just proving SHA-1 chosen-prefix collision attacks are theoretically possible. They show that such attacks are now cheap and in the budget of cybercrime and nation-state attackers.

placeholder

Choosing a Cloud Provider for Business Innovation

Much of the discussion about cloud services remains focused on the needs of less-mature organizations and on technical rather than business considerations. Debate concentrates on whether to move to the cloud, which workloads are best to “lift and shift” from a cost, security and compliance perspective or how to avoid supplier lock-in, currently one of the biggest concerns when moving to the cloud.

placeholder

Utah: A Leader in Digital Privacy

Utah Gov. Herbert signed off this week on a bill that positions Utah as the state with the strongest data privacy laws in the country when it comes to law enforcement accessing electronic information. The bill, HB57, establishes that a warrant must be secured before law enforcement may access electronic data held by a third party, thus protecting information passed to a third party such as Dropbox or Google Drive.

placeholder

Drunks, DNA and Data Transfer Risk in eDiscovery

Just as there are many tasks in electronic discovery, many times there are multiple technologies and platforms involved in the complete electronic discovery process. When there are multiple technologies and platforms involved, data must be transferred from disparate technologies and platforms to other disparate technologies and platforms. This data transfer can be considered a risk factor that impacts the overall electronic discovery process.