Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. From a news article: At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron's JavaScript libraries and built-in Chrome browser extensions.

RCE flaw in Electronic Arts Origin client exposes gamers to hack

Security Affairs

Electronic Arts (EA) has fixed a security issue in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts (EA) has addressed a vulnerability in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts already released a security patch for the remote code execution vulnerability.

Keeping up with Quantum Technology | Quantum Computing

Everteam

While everyone is digging deep into the Artificial Intelligence, Machine Learning, Blockchain and many other new digital transformation phenomena, Quantum Computing has been transformed from theory to reality. Listed under one of the ten strategic technology trends for 2019 according to Gartner, Quantum Computing has been grabbing the headlines. Let’s move to how it’s related to computers. What is Quantum Computing?

More Attacks against Computer Automatic Update Systems

Schneier on Security

As in the ASUS case, the samples were using digitally signed binaries from three other Asian vendors: Electronics Extreme, authors of the zombie survival game called Infestation: Survivor Stories, Innovative Extremist, a company that provides Web and IT infrastructure services but also used to work in game development, Zepetto, the South Korean company that developed the video game Point Blank.

Arrow Electronics to Leave ITAD Sector

InfoGoTo

Global ITAD services provider Arrow Electronics will close the asset disposition side of its business by the end of the year after the company experienced two quarters of worsening financial returns. Arrow expects that the wind-down of the personal computer and mobility asset disposition business will be substantially complete by the end of 2019.

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

eDiscovery Daily

At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer.

Tuesday’s Relativity Fest 2019 Sessions: eDiscovery Trends

eDiscovery Daily

As we noted yesterday, the 2019 Relativity Fest conference is going on this week, CloudNine is once again here as a Sponsor and Exhibitor and I will be covering the show for eDiscovery Daily. The 2019 International Panel. Last January, during the 2019 MIT Computational Law Course, one of the standout modules of the course focused on how information could be atomized, standardized, and configured to yield more dynamic possibilities beyond e-discovery.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”

Top 11 EDI (Electronic Data Interchange) Software Solutions

Cllax

In its simplest form EDI can be defined as the transfer of structured data, by agreed message standards, from one computer system to another without human intervention. What is EDI? In essence, it.

Tools TSLAC Uses To Access and Make Available Older Formats

The Texas Record

If you’ve ever taken our Managing Electronic Records class or perused our electronic records webinars, you’re aware that a major responsibility for storing records electronically is providing continuous access to those records throughout their life cycle. The first section of the post will focus on electronic forms while the second will focus on analog formats. Electronic Formats. Electronic records can come in many shapes and sizes.

Cellebrite 2019 Report on Industry Trends for Law Enforcement: eDiscovery Trends

eDiscovery Daily

Cellebrite recently conducted an industry trends survey targeting Law Enforcement and reported the results in their 2019 Report on Industry Trends for Law Enforcement (link to download the free report available here, hat tip to Rob Robinson’s Complex Discovery site for the reference). Computers were a distant second at 52%, followed by CCTV (i.e.,

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Krebs on Security

In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Section 8 involves the surreptitious installation of computer programs on computers or networks including malware and spyware. “CASL defines spam as commercial electronic messages without consent or the installation of software without consent or the intercepting of electronic messages,” Barratt said.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. “In reality, enumeration of these prefixes has shown that the number of online devices was ~1,517,260 in March 2019.

2019 eDiscovery Case Law Year in Review, Part 1

eDiscovery Daily

years, let’s take a look back at 2019! Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: In Commonwealth v.

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

The new app, now being used by agencies in several states, is the brainchild of computer scientists from the University of California San Diego and the University of Illinois Urbana-Champaign, who say they developed the software in tandem with technical input from the U.S. The researchers will present their work on Bluetana later today at the USENIX Security 2019 conference in Santa Clara, Calif.

2019 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Your Web browser knows how to find a Web site name like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet addresses that are easier for computers to manage.

Feds Target $100M ‘GozNym’ Cybercrime Network

Krebs on Security

“pablopicasso,” “salvadordali,” and “karlo,” was key player in the GozNym crime group who used stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal their money through electronic funds transfers into bank accounts controlled by fellow conspirators. 30, 2019.

2019 eDiscovery Case Law Year in Review, Part 4

eDiscovery Daily

Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

Such bona fides led to the inaugural private “by invitation” Global Cyber Innovation Summit (GCIS) in Baltimore in May 2019. Later in that decade, Frederick Terman returned to Stanford from Harvard as dean of the engineering school and encouraged the development of electronics in local businesses. Kleiner was the founder of Fairchild Semiconductor and Perkins was an early Hewlett-Packard computer division manager.) There’s oil in the state of Maryland – “cyber oil.”

250 Webstresser Users to Face Legal Action

Krebs on Security

In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week. “Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to use these wisely,” Europol said.

Old Tech Spills Digital Dirt on Past Owners

Threatpost

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.

Booter Boss Interviewed in 2014 Pleads Guilty

Krebs on Security

pleaded guilty this week to one count of conspiracy to cause damage to Internet-connected computers and for his role in owning, administering and supporting illegal “booter” or “stresser” services designed to knock Web sites offline, including exostress[.]in According to the government, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C.

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Data Matters

The Securities and Futures Commission of Hong Kong (SFC) issued new guidance to regulate the use of external electronic data storage providers (EDSPs) by licensed firms that intend to keep (or have previously kept) records or documents required to be maintained pursuant to the statutory recordkeeping rules and anti-money-laundering regime (Regulatory Records) in an online environment. 2 Circular to Licensed Corporations – Use of external electronic data storage (October 31, 2019).

Court Denies Criminal Defendant’s Motion to Suppress Evidence Obtained via Warrantless Search: eDiscovery Case Law

eDiscovery Daily

6, 2019), Oregon District Judge Karin J. The defendant was also subject to the Oregon National Guard’s acceptable use policy and employees of the Oregon National Guard, including the defendant, were required to sign the policy before they received computer access.

Friday the 13th is Unlucky for the City of New Orleans. Almost. Maybe.: Cybersecurity Trends

eDiscovery Daily

” As a precautionary measure, the NOLA tweet confirmed, the city’s IT department gave the order for all employees to power down computers and disconnect from Wi-Fi.

Archive-It Partner News, February 2019

Archive-It

Mar 3-6: Electronic Resources & Libraries – Austin, TX. Mar 26-28: Computers in Libraries – Arlington, VA. by the Archive-It team. Community News. Join the Archive-It open call on February 27. We invite you to join the next open call with the Internet Archive’s Director of Web Archiving, Jefferson Bailey, and Archive-It’s Senior Program Manager, Lori Donovan, at 11AM Pacific (2PM Eastern, 7PM GMT) on Wednesday, February 27.

With No Showing of Prejudice, Court Denies Spoliation Sanctions Against Defendant: eDiscovery Case Law

eDiscovery Daily

May 21, 2019), Oklahoma Magistrate Judge Frank H. McCarthy, finding that the plaintiffs “have not demonstrated they have been prejudiced” by the loss of the plaintiff former employee’s work computer, denied the plaintiffs’ motion for sanctions “without prejudice to reassertion of the motion if through discovery it is determined that some specific evidence is beyond Plaintiffs’ reach” for the defendant’s “clear failure” to preserve the computer. In Mafille v.

Microsoft sued North Korea-linked Thallium group

Security Affairs

Defendants are engaged in breaking into the Microsoft accounts and computer networks of Microsoft’s customers and stealing highly sensitive information.”

DHS report – Voting systems in North Carolina county in 2016 were not hacked

Security Affairs

Computer faults that disrupted voting in a North Carolina county in 2016 were not caused by cyber attacks, a federal investigation states. The investigation involved 21 laptops used for the voters’ identification and experts performed a forensic exam of the seized computers.

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

There has been a spike in 2019 of targeted cyberattacks against Asia-based fund managers, especially those in a startup phase of business.

DDoS-for-Hire Services operator sentenced to 13 months in prison

Security Affairs

“An Orland Park, Illinois, resident was sentenced yesterday to 13 months in prison, followed by three years of supervised release on one count of conspiracy to cause damage to internet-connected computers for his role in owning, administering and supporting illegal booter services that launched millions of illegal denial of service, or DDoS, attacks against victim computer systems in the United States and elsewhere.” Sergiy P. ,

Why Are Businesses Opting for Edge, AI, and IoT – and Are They Wise to Do So?

ARMA International

Edge computing is increasingly associated with at least two “trending” terms in the IT and information arenas: Internet of Things (IoT) and artificial intelligence (AI). Broadly speaking, the term refers to computing that’s done at or near the source of the data. These great distances can result in delays in computing, which can impact an organization’s capacity to optimally analyze and leverage its data.

Homemade TEMPEST Receiver

Schneier on Security

Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing.

Scraping the TOR for rare contents

Security Affairs

First of all you need an exceptional computational power (RAM mostly) for letting multiple runners grab web-pages, extracting new links and re-run the scraping-code against the just extracted links. While during Q1 (2019) most of the scraped websites were absolutely up-and-running, on Q2 (2019) I see most of the scraped hidden services dismissed and/or closed even if they persist in the communication channels (IRC chat, Pasties, Telegram, etc.).

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

of Williams Mitchell and originally published in the 2019 Winter edition of The Arkansas Lawyer and republished on JD Supra (The Lawyer’s Duty When Client Confidential Information is Hacked From the Law Firm, hat tip to Sharon Nelson’s terrific Ride the Lightning blog for the reference) takes a look at a lawyer’s duties following a data breach and discusses the requirements of ABA Formal Opinion 483, which was issued in October 2018.

The Myth of Consumer-Grade Security

Schneier on Security

Before the Internet revolution, military-grade electronics were different from consumer-grade. That started to change in the 1980s, when consumer electronics started to become the place where innovation happened. And a lot of battle-hardened technologies are the same computer hardware and software products as the commercial items, but in sturdier packaging. The US nuclear system Barr mentions is one such example -- and it uses ancient computers and 8-inch floppy drives.

Utah Governor Signs Electronic Data Privacy Bill Requiring Warrants to Access Certain Types of Data

Hunton Privacy

On March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S. law to protect electronic information that individuals have shared with certain third parties. Representative Craig Hall, R-Utah, who introduced the bill, stated that the goal “is to provide the same protections we have in the physical world and apply those to the electronic world.”

Is Emotet gang targeting companies with external SOC?

Security Affairs

SOC report 10 12 2019.doc (6125489453c1824da3e28a54708e7c77875e500dd82a59c96c1d1e5ee88dcad7) is the delivered file sent on Oct 11, 2019, 11:06:09 PM from grecia@ambientehomedecor.com. I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna.