Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Tsakalidis said that he had contacted Electron about the vulnerability but that he had gotten no response -- ­and the vulnerability remains.

Keeping up with Quantum Technology | Quantum Computing

Everteam

While everyone is digging deep into the Artificial Intelligence, Machine Learning, Blockchain and many other new digital transformation phenomena, Quantum Computing has been transformed from theory to reality. Let’s move to how it’s related to computers. What is Quantum Computing?

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New Rules Announced for Border Inspection of Electronic Devices

Threatpost

Cloud Security Cryptography Government Mobile Security Privacy ACLU cameras computers digital privacy digital search Electronic Frontier Foundation Encryption passcodes phones reasonable suspicion tablets U.S. The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

eDiscovery Daily

At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer.

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

According to its Explanatory Memorandum, the Act is intended to ‘introduce measures to better deal with the challenges posed by ubiquitous encryption ‘ It amends primarily the existing Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies, via the issuing of technical assistance requests, technical assistance notices and technical capability notices.

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Data Matters

The Securities and Futures Commission of Hong Kong (SFC) issued new guidance to regulate the use of external electronic data storage providers (EDSPs 1 ) by licensed firms that intend to keep (or have previously kept) records or documents required to be maintained pursuant to the statutory recordkeeping rules and anti-money-laundering regime (Regulatory Records) in an online environment. by encryption). Asia Cloud Computing Cybersecurity

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers! Electronic Discovery Security

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. You now actually have to prove the data is encrypted, both at rest and in transit.

MDM 169

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

Articles on cloud computing , cybersecurity and websites and marketing were released free online. The survey found that the most popular security measure being used by 35% of respondents was secure socket layers (SSL), which encrypt computer communications, including web traffic.

Understanding Blockchain and its Impact on Legal Technology, Part Two

eDiscovery Daily

Much speculation centered around the name being based on a setting in the 1996 movie Rising Sun; however, it was believed the true authors were several cryptography and computer science experts of non-Japanese descent. Blockchain Electronic Discovery Project Management

Cellebrite 2019 Report on Industry Trends for Law Enforcement: eDiscovery Trends

eDiscovery Daily

Two most common challenges to extracting data from mobile phones are locked phones and encrypted data. Computers were a distant second at 52% , followed by CCTV (i.e., Electronic Discovery Industry Trends Mobile Devices

Understanding Blockchain and its Impact on Legal Technology, Part Four

eDiscovery Daily

Thus, it doesn’t have centralized points of vulnerability that computer hackers traditionally exploit. No more “username/password” systems, but rather encryption technology and constantly updating audit trails. Use highest-grade security standards to protect encryption keys.

Cyber Blackmail: More Than Just Ransomware

The Texas Record

Ransomware, which is when a criminal encrypts an organization’s data and then demands payment before releasing the key required to reverse the encryption that is holding the victim’s data hostage, has made international headlines lately. Ransomware Hits CDOT Computers.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

NASA employees and contractors should be aware that nation-states and cyber criminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices.” Ensure your NASA electronic devices receive required patches and updates.

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

The Shamoon “wiper” virus , for instance, devastated Saudi oil company Aramaco, destroying the hard drives of more than 30,000 Aramaco computers and forcing a weeklong shutdown of the company’s internal network. In May 2017, the Saudi Arabian Monetary Authority (SAMA) rolled out its Cyber Security Framework mandating detailed data security rules, including a requirement to encrypt and containerize business data in all computing formats.

Understanding eDiscovery in Criminal Cases, Part Two: eDiscovery Best Practices

eDiscovery Daily

Because more than 90 percent of documents today are generated in electronic format, ESI is becoming more and more prominent in criminal matters, especially white collar criminal cases. This exception is generally allowed for protection of law enforcement officers and may not give them the right to seize a computer unless it poses a threat. If the police have probable cause to believe there is evidence of a crime on a computer, they may search it otherwise they will need a warrant.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

IoT 247

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. The DPAs state that they are committed to the promotion of the confidentiality and integrity of electronic communications. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

At a first sight, the office document had an encrypted content available on OleObj.1 However, in that time, the EncryptionInfo was holding the encryption algorithm and additional information regarding the payload but no keys were provided. Stage1: Encrypted Content.

Understanding eDiscovery in Criminal Cases, Part Three: eDiscovery Best Practices

eDiscovery Daily

There is no time frame established for this review since it may take a substantial amount of time, especially with encrypted drives. On board computer systems in automobiles, Exif data in digital photos, GPS coordinates in Google maps are all examples of this type of data which has been used as evidence for years. The first is forensic images of computers and cell phones. Criminal Law Electronic Discovery

Craig Ball of Craig D. Ball, PC: eDiscovery Trends 2018

eDiscovery Daily

A frequent court appointed special master in electronic evidence, Craig is a prolific contributor to continuing legal and professional education programs throughout the United States, having delivered over 2,000 presentations and papers. Craig’s articles on forensic technology and electronic discovery frequently appear in the national media and he teaches E-Discovery and Digital Evidence at the University of Texas School of Law. Electronic Discovery Industry Trends

Step By Step Office Dropper Dissection

Security Affairs

From the recorded traffic it’s possible to see the following patterns: a HTTP GET request with some encrypted information to download plugin/additional stages and finally a HTTP POST to send victim’s data directly on the “attacker side”.

Supply Chain Security 101: An Expert’s View

Krebs on Security

BK: But certainly there are some areas of computer hardware and network design where you absolutely must have far greater integrity assurance? It’s n ow almost impossible to for consumers to buy electronics stuff that isn’t Internet-connected.

Appeals Court Holds “Reasonable Suspicion” Required for Forensic Search of Laptop at the Border

Hunton Privacy

The agents then subjected the computer to a forensic analysis and discovered it contained child pornography in portions of the hard drive that had been deleted or protected with passwords. The federal district court ordered suppression of this evidence in the criminal case against Cotterman on the ground that the agents’ forensic analysis of his computer violated the Fourth Amendment’s prohibition on warrantless searches. Federal Law Criminal Law Encryption Mexico Ninth Circuit

How To Protect Yourself From Hackers

Cyber Info Veritas

Before we outline the safety hacks, let us briefly discuss why you need to protect yourself from hackers: How Safe Is Your Data: Why You Need To Protect Yourself From Hackers As the internet, computers, and connected devices (smart homes, smart appliances, etc.)

The Standards Race of the Future is On

Thales eSecurity

The goal of the project is to create a set of standards for protecting electronic information from attack by the computers of today and in the future. In the public-key encryption and key establishment selections, 53% of the second-round candidates are based on lattice problems.

Is Emotet gang targeting companies with external SOC?

Security Affairs

AV and plenty static traffic signatures confirm we are facing a new encrypted version of Emotet trojan. I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna.

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

The following VBScript is run through cscript.exe, It’s an obfuscated and xor-encrypted payload. Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments.

Choose the right SAQ to demonstrate PCI DSS compliance

IT Governance

Card imprint machines are non-electronic machines that make an imprint of the payment card, transferring the imprint onto a carbon paper receipt, which is then stored by the merchant. For merchants that process cardholder data via a virtual payment terminal rather than a computer system.

Protecting Your Company from Employee-Related Data Loss

Armstrong Archives

The problem often occurs after the employee’s termination or resignation: Inadvertent theft: The employee may have access to cloud storage, information stored on a personal computer, mobile apps, and other forms of “shadow IT.” Missing documents from an employee’s computer or company drive.

Croatia government agencies targeted with news SilentTrinity malware

Security Affairs

The SilentTrinity malware can take control over an infected computer, it allows attackers to execute arbitrary commands. The C2 traffic is encrypted with AES, the public key is generated using the Diffie–Hellman protocol, the network transport is implemented over HTTP(S) with proxy support.

E-Mail Vulnerabilities and Disclosure

Schneier on Security

Last week, researchers disclosed vulnerabilities in a large number of encrypted email clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. If not, stop using the encrypted email program entirely until it's fixed.

Podcast Episode 119: EFF on Expanding Researchers Rights and AT&T talks IoT Security Fails

The Security Ledger

In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. ” Kurt Opsahl is the Deputy Executive Director and General Counsel at The Electronic Frontier Foundation.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems.

Understanding IoT Security Challenges – An Interview with an Industry Expert

Thales eSecurity

With IoT PKI, Secure IoT can be accomplished by enabling strong authentication and encryption of communication to ensure the integrity of transactions and data. The Internet of Things (IoT) is rapidly growing and expected to affect all industry verticals as well as our private lives.

IoT 94

OilRig APT group: the evolution of attack techniques over time

Security Affairs

They begun development by introducing crafted communication protocol over DNS and later they added, to such a layer, encoding and encryption self build protocols. I am a computer security scientist with an intensive hacking background.

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

In this stage the JavaScript is loading an encrypted content from the original JAR, using a KEY decrypts such a content and finally loads it (Dynamic Class Loader) on memory in order to fire it up as a new Java code. I am a computer security scientist with an intensive hacking background.

Iran-linked APT34: Analyzing the webmask project

Security Affairs

Then a well-known Haproxy is used as High Availability service for assuring connections and finally certbot (Let’s Encrypt) is used to give valid certificate to squid3 (but it’s not a mandatory neither a suggested step). I am a computer security scientist with an intensive hacking background.