Similar to wardriving, in which you cruise a neighborhood scouting for Wi-Fi networks, warshipping allows a hacker to remotely infiltrate corporate networks by simply hiding a remote-controlled scanning device inside a package. The device is designed to penetrate the wireless network, whether of a company or the CEO’s home, and report back to the sender.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
The role of the Chief Information Security Officer (CISO) is becoming the norm in eDiscovery companies as these companies grow their client base and venture into compliance and data breach prevention services. In fact, one industry expert sees the CISO role also being weaponized to support the sales function during client discussions about security.
A new group of Intel vulnerabilities, collectively called Microarchitectural Data Sampling (MDS), was disclosed last week. The vulnerabilities allow attackers to steal data as processes run on most machines using Intel chips. The vulnerabilities affect nearly every Intel processor released in the past decade and may be especially dangerous in multi-user environments like virtualized servers in data centers.
The BSA Framework for Secure Software tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.
The work that Thomas Peyrin and his colleague, Gaetan Leurent, have done goes far beyond just proving SHA-1 chosen-prefix collision attacks are theoretically possible. They show that such attacks are now cheap and in the budget of cybercrime and nation-state attackers.
When an acquirer does not protect itself against a data lemon and seek sufficient information about the target’s data privacy and security compliance, the acquirer may be left with a data lemon.
Much of the discussion about cloud services remains focused on the needs of less-mature organizations and on technical rather than business considerations. Debate concentrates on whether to move to the cloud, which workloads are best to “lift and shift” from a cost, security and compliance perspective, or how to avoid supplier lock-in, currently one of the biggest concerns when moving to the cloud.
Utah Gov. Herbert signed off this week on a bill that positions Utah as the state with the strongest data privacy laws in the country when it comes to law enforcement accessing electronic information. The bill, HB57, establishes that a warrant must be secured before law enforcement may access electronic data held by a third party, thus protecting information passed to a third party such as Dropbox or Google Drive.
Just as there are many tasks in electronic discovery, many times there are multiple technologies and platforms involved in the complete electronic discovery process. When there are multiple technologies and platforms involved, data must be transferred from disparate technologies and platforms to other disparate technologies and platforms. This data transfer can be considered a risk factor that impacts the overall electronic discovery process.