Security Affairs newsletter Round 293

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived!

Is Blockchain as Secure as People Think? Maybe Not: Cybersecurity Best Practices

eDiscovery Daily

Last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform. An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities.

Friday the 13th is Unlucky for the City of New Orleans. Almost. Maybe.: Cybersecurity Trends

eDiscovery Daily

CST on Friday, according to the City of New Orleans’ emergency preparedness campaign, NOLA Ready, managed by the Office of Homeland Security and Emergency Preparedness.

Capture the Flag events and eSports

Adam Shostack

Capture the Flag Events (CTFs) and electronic Sports (eSports) are good examples of a relatively new trend. My conclusion is that CTFs are intrinsically an eSport with the attribute of having a strong educational value. It’s generally a tournament that spans over hours if not a few days, where teams don’t fight each other, but rather solve problems with security-related techniques. They also share the fact that the action is done in front of a computer screen.

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries.

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

I referenced the fact that all 50 states (plus DC, Guam, Puerto Rico and the Virgin Islands) have security breach notification laws, but I was not aware of any specific guidelines or opinions relating to a lawyer’s duty regarding data breach notification. Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers!

URLs Aren’t Archives ¯\_(ツ)_/¯, and Other Stories

The Schedule

Importantly, modern institutional archives do not make it a practice of taking things, or blindly capturing online records, without first attempting to secure the rights to do so. Computers made it possible to digitize that microfilm, secure it in a database, distribute publications even more widely.

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

The lack of effort on security has become a major cause for concern in the profession.” Articles on cloud computing, cybersecurity and websites and marketing were released free online. The survey found that the most popular security measure being used by 35% of respondents was secure socket layers (SSL), which encrypt computer communications, including web traffic. So, the percentage of firms that have experienced a security breach could be quite a bit higher.

Business ID Theft Soars Amid COVID Closures

Krebs on Security

based cyber intelligence firm Hold Security has been monitoring the communications between and among a business ID theft gang apparently operating in Georgia and Florida but targeting businesses throughout the United States.

University, Professional Certification or Direct Experience?

Security Affairs

but that recursive question raised a more general question: what are the differences between cybersecurity educational models? The education process is based upon the information to be shared, by meaning that information is the “starting brick” of education. If there is no information to be shared there isn’t an education process. I am a computer security scientist with an intensive hacking background.

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? In this interview, David and I talk about the potential and pitfalls of using machine learning and artificial intelligence in cyber security.

Ignoring Internet of Things Devices Could Be IdIoTic: eDiscovery Trends

eDiscovery Daily

Earlier this month, the Cloud Security Alliance (CSA) announced the release of the CSA IoT Controls Framework, its first such framework for IoT which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments. The CSA IoT Working Group develops frameworks, processes and best-known methods for securing these connected systems.

First Ever Multi-State Data Breach Lawsuit Targets Healthcare Provider: Cybersecurity Trends

eDiscovery Daily

The lawsuit alleges that Fort Wayne-based Medical Informatics Engineering and its subsidiary NoMoreClipboard “failed to take adequate and reasonable measures to ensure their computer systems were protected,” resulting in a 2015 breach that gave hackers access to the personal healthcare information of 3.9 The stolen information included not only identifying details, such as names and Social Security numbers, but also healthcare information, including diagnoses and lab results.

2019 eDiscovery Case Law Year in Review, Part 1

eDiscovery Daily

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: In Commonwealth v. It’s that time of year again! Time for our annual review of eDiscovery case law! This is our ninth(!)

Uber’s Response to Data Breach? Pay the Hackers to Keep Quiet About It: Cybersecurity Trends

eDiscovery Daily

No Social Security numbers, credit card information, trip location details or other data were taken, Uber said. According to Bloomberg, the breach occurred when two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.

Tuesday’s Relativity Fest 2019 Sessions: eDiscovery Trends

eDiscovery Daily

Speakers Include: David Horrigan – Discovery Counsel and Legal Education Director, Relativity; Ignatius Grande – Director, Berkeley Research Group; Ines Rubio – Head of Info Management and Incident Response, BSI; Rosemary Kuperberg – Assistant General Counsel & Data Privacy Officer, Ellucian; Meribeth Banaschik – Partner / Forensics & Integrity Services, Ernst & Young GmbH. Find out: How they really feel about security?

2019 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Yesterday, we looked back at cases related to cooperation, form of production, privilege and confidentiality disputes, social media related disputes and a key case regarding biometric security.

Understanding Blockchain and its Impact on Legal Technology, Part Four

eDiscovery Daily

Security. Thus, it doesn’t have centralized points of vulnerability that computer hackers traditionally exploit. The records on a blockchain are secured through cryptography and network participants have their own private keys that are assigned to the transactions they make and act as a personal digital signature. However, despite inherent properties that provide security, known vulnerabilities in your infrastructure can be manipulated by hackers.

Despite Protective Order, Court Orders Plaintiff to Produce Source Code and Log File Printouts: eDiscovery Case Law

eDiscovery Daily

Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data. In Opternative, Inc. Jand, Inc., 17-CV-6936 (RA)(SN) (S.D.N.Y.

Hewlett-Packard/Autonomy Deal Results in More Indictments: eDiscovery Trends

eDiscovery Daily

Then, earlier this year, former Autonomy CFO Sushovan Hussain was convicted of 16 counts of wire and securities fraud related to the $10.3 which was formed in the breakup of HP’s corporate computing divisions from its printer and PC business in 2015) praised the indictment. “HPE

Relativity Fest is Here! And So Are We!: eDiscovery Trends

eDiscovery Daily

Actually, it started yesterday, with a few events, including the Welcome Reception and the Beer and Basics: e-Discovery 101 and Relativity Fundamentals session (serving beer and wine at an education session is OK with me!). Speakers Include: David Horrigan – Discovery Counsel and Legal Education Director, Relativity, Justice Tanya Kennedy, New York Supreme Court – New York County, U.S. Using effective data security as a differentiator for your services.

eDiscovery for the Rest of Us: eDiscovery Best Practices, Part Two

eDiscovery Daily

Throughout the case, the plaintiff claimed that the evidence needed to prove the case existed in emails stored on UBS’ own computer systems. That case and the subsequent rule changes effectively forced civil litigants into a compliance mode with respect to their proper retention and management of electronically stored information (ESI). The problem faced by these new rules was the multiplicity of data in electronic formats.

Fired IT Guy Deleted 23 of His Ex-Employer’s AWS Servers: Cybersecurity Trends

eDiscovery Daily

An article in Naked Security (Sacked IT guy annihilates 23 of his ex-employer’s AWS servers, written by Lisa Vaas) reports that the UK’s Thames Valley Police announced on Monday that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed for two years at Reading Crown Court following a nine-day trial. Prosecutor Richard Moss noted during the trial that security experts agreed that Voova could have done a better job at security.

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

eDiscovery Daily

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR). As part of the release, the CSA also launched the CSA GDPR Resource Center, a new community-driven website with tools and resources to help educate cloud service providers and enterprises on the new GDPR.

Understanding eDiscovery in Criminal Cases, Part Three: eDiscovery Best Practices

eDiscovery Daily

On board computer systems in automobiles, Exif data in digital photos, GPS coordinates in Google maps are all examples of this type of data which has been used as evidence for years. The first is forensic images of computers and cell phones. But as noted above in the Introduction, a Department of Justice/Administrative Office Joint Working Group on Electronic Technology (JETWG) has developed a recommended ESI protocol for use in federal criminal cases.

Public or Private Isn’t the Only Question You Should be Asking about Cloud Solutions: eDiscovery Best Practices

eDiscovery Daily

To begin to understand what we’re talking about, it’s important to define three terms typically related to cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS): Infrastructure as a Service (IaaS) is a service model that delivers computer infrastructure on an outsourced basis to support enterprise operations. The choices they make are based on several factors, including costs and security requirements.

Why Is TAR Like a Bag of M&M’s?, Part Four: eDiscovery Best Practices

eDiscovery Daily

They should be construed, administered, and employed by the court and the parties to secure the just, speedy, and inexpensive determination of every action and proceeding. (emphasis added). And although we have seen ample evidence that computers are faster than humans, speed may not always equate to accuracy.

Craig Ball of Craig D. Ball, PC: eDiscovery Trends 2018

eDiscovery Daily

A frequent court appointed special master in electronic evidence, Craig is a prolific contributor to continuing legal and professional education programs throughout the United States, having delivered over 2,000 presentations and papers. Craig’s articles on forensic technology and electronic discovery frequently appear in the national media and he teaches E-Discovery and Digital Evidence at the University of Texas School of Law.

2017 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Hornak denied the plaintiff’s Motions to Compel third parties Microsoft, Google and Yahoo to Produce Responsive Documents Pursuant to their Subpoenas, finding that “resolution of this case begins and ends with the Stored Communications Act (‘SCA’), which generally provides that ‘a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’”.

Part 1: OMG! Not another digital transformation article! Is it about understanding the business drivers?

ARMA International

This means imagining the “art of the possible” for a new future using a cloud computing model to deliver transformative change. Organizations use DRM technologies and solutions to securely manage intellectual property (IP) rights and monetize the content.

RMS annual meeting teaser #2

The Schedule

In my experience working at higher education institutions as an archivist with records management responsibilities, I have found that we are often ignored or forgotten when it comes to decision making, especially in regard to electronic records. At Clemson, the Records Management Team is currently changing that perception and has successfully secured a “seat at the table” by demonstrating our proficiency in understanding Clemson’s information environment.

How should you investigate a data breach?

IT Governance

Digital Guardian recently asked a group of cyber security experts what the most important step is following a data breach. This might be, for example, the victim’s computer, a web page or a physical space in which documents were compromised. The scene of the incident will generally provide you with the clues you need to work out – or at least make an educated guess regarding – who was responsible for the breach and how it occurred.

Cyber is Cyber is Cyber

Lenny Zeltser

Information security? Computer security, perhaps? If we examine the factors that influence our desire to use one security title over the other, we’ll better understand the nature of the industry and its driving forces. Until recently, I’ve had no doubts about describing my calling as an information security professional. Paul Melson and Loren Dealy Mahler viewed cybersecurity as a subset of information security.

List of data breaches and cyber attacks in April 2021 – 1 billion records breached

IT Governance

It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records. discloses security incident (unknown) St.

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

Related: Port Covington cyber hub project gets underway That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems Agency, Intelligence Advanced Research Projects Activity, USCYBERCOM, NASA and the Department of Defense’s Cyber Crime Center. With employees groomed at the likes of the National Security Agency, U.S

Weekly podcast: NCSC and Kaspersky, parliamentary passwords and macOS High Sierra (again)

IT Governance

The chief executive of the UK’s National Cyber Security Centre, Ciaran Martin, has warned senior civil servants about using Russian antivirus (AV) software in government departments. To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. Dorries tweeted: “My staff log onto my computer on my desk with my login everyday.

How To Build A Cybersecurity Career | What Really Matters

Cyber Info Veritas

By having more cybersecurity professionals, we can enhance security. Unfortunately, and this very fact is very alarming, even though cyber security and IT management in general are some of the fastest-growing and well-paying fields, they are not attracting the talent they need primarily because most graduates do not want to go into employment; they want to create the next Facebook, Snapchat, Twitter, or Microsoft.

Regulation of AI-Based Applications: The Inevitable New Frontier

AIIM

No doubt, applications of AI may address some of the most vexing social challenges such as health, the environment, economic empowerment, education, and infrastructure. The Electronic Frontier Foundation alleges that the legislation’s requirements to disclose the humans who create the bots unduly restrains internet speech which the Supreme Court upheld as protected anonymous speech.

The Hacker Mind Podcast: Hacking Charity

ForAllSecure

And now, kids were streaming into their office and getting food education, medical care, my work in Uganda had immediate life changing results right away. Vamosi: You might not think of hackers as charitable people as individuals who might be working to make the world a better place.