Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. From a news article : At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA , a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron's JavaScript libraries and built-in Chrome browser extensions.

New Rules Announced for Border Inspection of Electronic Devices


Cloud Security Cryptography Government Mobile Security Privacy ACLU cameras computers digital privacy digital search Electronic Frontier Foundation Encryption passcodes phones reasonable suspicion tablets U.S. The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Keeping up with Quantum Technology | Quantum Computing


While everyone is digging deep into the Artificial Intelligence, Machine Learning, Blockchain and many other new digital transformation phenomena, Quantum Computing has been transformed from theory to reality. Listed under one of the ten strategic technology trends for 2019 according to Gartner, Quantum Computing has been grabbing the headlines. Let’s move to how it’s related to computers. What is Quantum Computing? Quantum Computing quantum computing

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

eDiscovery Daily

At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer. When the agent requested that Appellant provide him with the password to the computer, he responded: “It’s 64 characters and why would I give that to you? In Commonwealth v.

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

According to its Explanatory Memorandum, the Act is intended to ‘introduce measures to better deal with the challenges posed by ubiquitous encryption ‘ It amends primarily the existing Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies, via the issuing of technical assistance requests, technical assistance notices and technical capability notices.

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Before the Internet revolution, military-grade electronics were different from consumer-grade.

Security and Privacy Implications of Zoom

Schneier on Security

The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. Zoom's encryption is awful.

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. You now actually have to prove the data is encrypted, both at rest and in transit.

MDM 164

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers! Finding this odd, you turn to your firm receptionist who tells you that the firm was hit with a ransomware attack overnight, and that if you turn on your computer all of your files will be immediately encrypted, subject to a bitcoin ransom.”. Electronic Discovery Security

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

Articles on cloud computing , cybersecurity and websites and marketing were released free online. The survey found that the most popular security measure being used by 35% of respondents was secure socket layers (SSL), which encrypt computer communications, including web traffic. Electronic Discovery Privacy Security

Pulse Check- Have You Found Gaps in Your Healthcare Privacy and Security Policies During the Pandemic?


Policy Example #1: Acceptable Use of Computer Equipment and Internet. Policy Contents: Equipment physical security, desk location, encryption, anti-virus software, firewalls, network security and VPN, audits, confidentiality breaches, personal use of equipment/internet/email, employee agreement and signature. Perhaps your healthcare organization, like many others, has had to initiate a remote workforce rapidly in response to COVID-19.

Understanding Blockchain and its Impact on Legal Technology, Part Two

eDiscovery Daily

Much speculation centered around the name being based on a setting in the 1996 movie Rising Sun; however, it was believed the true authors were several cryptography and computer science experts of non-Japanese descent. The audit trail itself is visible to all participants yet allows encryption of individual transactions. Blockchain Electronic Discovery Project Management

Cellebrite 2019 Report on Industry Trends for Law Enforcement: eDiscovery Trends

eDiscovery Daily

Two most common challenges to extracting data from mobile phones are locked phones and encrypted data. Computers were a distant second at 52% , followed by CCTV (i.e., Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Understanding Blockchain and its Impact on Legal Technology, Part Four

eDiscovery Daily

Thus, it doesn’t have centralized points of vulnerability that computer hackers traditionally exploit. No more “username/password” systems, but rather encryption technology and constantly updating audit trails. Use highest-grade security standards to protect encryption keys. Blockchain Electronic Discovery Project ManagementEditor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.

Cyber Blackmail: More Than Just Ransomware

The Texas Record

Ransomware, which is when a criminal encrypts an organization’s data and then demands payment before releasing the key required to reverse the encryption that is holding the victim’s data hostage, has made international headlines lately. Ransomware Hits CDOT Computers. News Cyber Security electronic records Information Governance Local Governments ransomware security State Agencies

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

NASA employees and contractors should be aware that nation-states and cyber criminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices.” Ensure your NASA electronic devices receive required patches and updates.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities. 17, unknown attackers launched a ransomware strain known as Ryuk inside VCPI’s networks, encrypting all data the company hosts for its clients and demanding a whopping $14 million ransom in exchange for a digital key needed to unlock access to the files.

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

The Shamoon “wiper” virus , for instance, devastated Saudi oil company Aramaco, destroying the hard drives of more than 30,000 Aramaco computers and forcing a weeklong shutdown of the company’s internal network. In May 2017, the Saudi Arabian Monetary Authority (SAMA) rolled out its Cyber Security Framework mandating detailed data security rules, including a requirement to encrypt and containerize business data in all computing formats.

Understanding eDiscovery in Criminal Cases, Part Two: eDiscovery Best Practices

eDiscovery Daily

Because more than 90 percent of documents today are generated in electronic format, ESI is becoming more and more prominent in criminal matters, especially white collar criminal cases. This exception is generally allowed for protection of law enforcement officers and may not give them the right to seize a computer unless it poses a threat. If the police have probable cause to believe there is evidence of a crime on a computer, they may search it otherwise they will need a warrant.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. The DPAs state that they are committed to the promotion of the confidentiality and integrity of electronic communications. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

Understanding eDiscovery in Criminal Cases, Part Three: eDiscovery Best Practices

eDiscovery Daily

There is no time frame established for this review since it may take a substantial amount of time, especially with encrypted drives. On board computer systems in automobiles, Exif data in digital photos, GPS coordinates in Google maps are all examples of this type of data which has been used as evidence for years. The first is forensic images of computers and cell phones. Criminal Law Electronic Discovery

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

At a first sight, the office document had an encrypted content available on OleObj.1 However, in that time, the EncryptionInfo was holding the encryption algorithm and additional information regarding the payload but no keys were provided. Stage1: Encrypted Content.

Craig Ball of Craig D. Ball, PC: eDiscovery Trends 2018

eDiscovery Daily

A frequent court appointed special master in electronic evidence, Craig is a prolific contributor to continuing legal and professional education programs throughout the United States, having delivered over 2,000 presentations and papers. Craig’s articles on forensic technology and electronic discovery frequently appear in the national media and he teaches E-Discovery and Digital Evidence at the University of Texas School of Law. Electronic Discovery Industry Trends

Appeals Court Holds “Reasonable Suspicion” Required for Forensic Search of Laptop at the Border

Hunton Privacy

The agents then subjected the computer to a forensic analysis and discovered it contained child pornography in portions of the hard drive that had been deleted or protected with passwords. The federal district court ordered suppression of this evidence in the criminal case against Cotterman on the ground that the agents’ forensic analysis of his computer violated the Fourth Amendment’s prohibition on warrantless searches. Federal Law Criminal Law Encryption Mexico Ninth Circuit

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

IoT 185

Supply Chain Security 101: An Expert’s View

Krebs on Security

BK: But certainly there are some areas of computer hardware and network design where you absolutely must have far greater integrity assurance? It’s n ow almost impossible to for consumers to buy electronics stuff that isn’t Internet-connected.

How To Protect Yourself From Hackers

Cyber Info Veritas

Before we outline the safety hacks, let us briefly discuss why you need to protect yourself from hackers: How Safe Is Your Data: Why You Need To Protect Yourself From Hackers As the internet, computers, and connected devices (smart homes, smart appliances, etc.)

Step By Step Office Dropper Dissection

Security Affairs

From the recorded traffic it’s possible to see the following patterns: a HTTP GET request with some encrypted information to download plugin/additional stages and finally a HTTP POST to send victim’s data directly on the “attacker side”. The used variable holds a Base64 representation of encrypted data. Even in this case the transmitted content is a Base64 representation of encrypted data. I am a computer security scientist with an intensive hacking background.

The Standards Race of the Future is On

Thales eSecurity

The goal of the project is to create a set of standards for protecting electronic information from attack by the computers of today and in the future. Quantum-resistant algorithms rely on one of four main types of difficult problems, against which quantum computers are thought to offer no benefit: lattices; hashes; codes; or multivariate quadratic polynomial problems.

Podcast Episode 119: EFF on Expanding Researchers Rights and AT&T talks IoT Security Fails

The Security Ledger

In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. ” Kurt Opsahl is the Deputy Executive Director and General Counsel at The Electronic Frontier Foundation.

Understanding IoT Security Challenges – An Interview with an Industry Expert

Thales eSecurity

With IoT PKI, Secure IoT can be accomplished by enabling strong authentication and encryption of communication to ensure the integrity of transactions and data. The Internet of Things (IoT) is rapidly growing and expected to affect all industry verticals as well as our private lives.

IoT 94

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems.

Is Emotet gang targeting companies with external SOC?

Security Affairs

AV and plenty static traffic signatures confirm we are facing a new encrypted version of Emotet trojan. I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna. I do have experience on security testing since I have been performing penetration testing on several US electronic voting systems.

Choose the right SAQ to demonstrate PCI DSS compliance

IT Governance

Card imprint machines are non-electronic machines that make an imprint of the payment card, transferring the imprint onto a carbon paper receipt, which is then stored by the merchant. Dial-out terminals are electronic machines that use chip and PIN and swipe cards, or require users to manually key in information. For merchants that don’t store card data in electronic format but use IP-connected point-of-interaction (POI) devices.

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

In this stage the JavaScript is loading an encrypted content from the original JAR, using a KEY decrypts such a content and finally loads it (Dynamic Class Loader) on memory in order to fire it up as a new Java code. I am a computer security scientist with an intensive hacking background.

Protecting Your Company from Employee-Related Data Loss

Armstrong Archives

The problem often occurs after the employee’s termination or resignation: Inadvertent theft: The employee may have access to cloud storage, information stored on a personal computer, mobile apps, and other forms of “shadow IT.” Missing documents from an employee’s computer or company drive. Additional data protection best practices include: Encrypting data. Managing personal electronic use. A company’s data is extremely valuable.

Croatia government agencies targeted with news SilentTrinity malware

Security Affairs

The SilentTrinity malware can take control over an infected computer, it allows attackers to execute arbitrary commands. The C2 traffic is encrypted with AES, the public key is generated using the Diffie–Hellman protocol, the network transport is implemented over HTTP(S) with proxy support. “The Office of Information Security (SIS) has, in its several jurisdictions, observed the most recent phishingcampaign most likely to be spread by electronic mail.”

E-Mail Vulnerabilities and Disclosure

Schneier on Security

Last week, researchers disclosed vulnerabilities in a large number of encrypted email clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. But first, if you use PGP or S/MIME to encrypt email, you need to check the list on this page and see if you are vulnerable. If not, stop using the encrypted email program entirely until it's fixed. Consider your encrypted email insecure until this is fixed.

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

The following VBScript is run through cscript.exe, It’s an obfuscated and xor-encrypted payload. The encryption is performed by a simple xor having as key the single byte 0 while the encoding procedure is a multi conversion routine which could be summarized as follows: chr(asc(chr(“&h”&mid(x,y,2)))). Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments.

The ‘MartyMcFly’ investigation: Italian naval industry under attack

Security Affairs

The SSL certificate has been released by the “cPanel, Inc“ CA and is valid since 16th August 2018; this encryption certificate is likely related to the previously discussed HTTP 301 redirection due to the common name “ ” found in the Issuer field.