New Rules Announced for Border Inspection of Electronic Devices

Threatpost

The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. From a news article: At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron's JavaScript libraries and built-in Chrome browser extensions.

Keeping up with Quantum Technology | Quantum Computing

Everteam

While everyone is digging deep into the Artificial Intelligence, Machine Learning, Blockchain and many other new digital transformation phenomena, Quantum Computing has been transformed from theory to reality. Listed under one of the ten strategic technology trends for 2019 according to Gartner, Quantum Computing has been grabbing the headlines. Let’s move to how it’s related to computers. What is Quantum Computing?

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

eDiscovery Daily

At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer.

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

According to its Explanatory Memorandum, the Act is intended to ‘introduce measures to better deal with the challenges posed by ubiquitous encryption’. It amends primarily the existing Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies, via the issuing of technical assistance requests, technical assistance notices and technical capability notices.

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Before the Internet revolution, military-grade electronics were different from consumer-grade.

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

Malware, a combination of the terms ‘malicious’ and ‘software,’ includes all malicious programs that intend to exploit computer devices or entire network infrastructures to extract victim’s data, disrupt business operations, or simply, cause chaos. There’s no definitive method or technique that defines malware; any program that harms the computer or system owners and benefits the perpetrators is malware. Computer Viruses. Computer worms.

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Data Matters

The Securities and Futures Commission of Hong Kong (SFC) issued new guidance to regulate the use of external electronic data storage providers (EDSPs) by licensed firms that intend to keep (or have previously kept) records or documents required to be maintained pursuant to the statutory recordkeeping rules and anti-money-laundering regime (Regulatory Records) in an online environment. by encryption).

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers! Finding this odd, you turn to your firm receptionist who tells you that the firm was hit with a ransomware attack overnight, and that if you turn on your computer all of your files will be immediately encrypted, subject to a bitcoin ransom.”

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. You now actually have to prove the data is encrypted, both at rest and in transit.

Security and Privacy Implications of Zoom

Schneier on Security

The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. Zoom's encryption is awful.

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

Articles on cloud computing, cybersecurity and websites and marketing were released free online. The survey found that the most popular security measure being used by 35% of respondents was secure socket layers (SSL), which encrypt computer communications, including web traffic.

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

Taiwanese multinational hardware and electronics corporation Acer was the victim of a REvil ransomware attack; the gang demanded a $50,000,000 ransom.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”

Understanding Blockchain and its Impact on Legal Technology, Part Two

eDiscovery Daily

Much speculation centered around the name being based on a setting in the 1996 movie Rising Sun; however, it was believed the true authors were several cryptography and computer science experts of non-Japanese descent. The audit trail itself is visible to all participants yet allows encryption of individual transactions.

Cellebrite 2019 Report on Industry Trends for Law Enforcement: eDiscovery Trends

eDiscovery Daily

Two most common challenges to extracting data from mobile phones are locked phones and encrypted data. Computers were a distant second at 52%, followed by CCTV (i.e.,

Understanding Blockchain and its Impact on Legal Technology, Part Four

eDiscovery Daily

Thus, it doesn’t have centralized points of vulnerability that computer hackers traditionally exploit. No more “username/password” systems, but rather encryption technology and constantly updating audit trails. Use highest-grade security standards to protect encryption keys. Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

Security Affairs

“Sources told Action News, the cybercriminals gained control of the network on Saturday encrypting files, including police reports, payroll, purchasing, and other databases. “The County of Delaware recently discovered a disruption to portions of its computer network.

Cyber Blackmail: More Than Just Ransomware

The Texas Record

Ransomware, which is when a criminal encrypts an organization’s data and then demands payment before releasing the key required to reverse the encryption that is holding the victim’s data hostage, has made international headlines lately. Ransomware Hits CDOT Computers.

Understanding eDiscovery in Criminal Cases, Part Two: eDiscovery Best Practices

eDiscovery Daily

Because more than 90 percent of documents today are generated in electronic format, ESI is becoming more and more prominent in criminal matters, especially white collar criminal cases. This exception is generally allowed for protection of law enforcement officers and may not give them the right to seize a computer unless it poses a threat. If the police have probable cause to believe there is evidence of a crime on a computer, they may search it; otherwise they will need a warrant.

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

NASA employees and contractors should be aware that nation-states and cyber criminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices.” Ensure your NASA electronic devices receive required patches and updates.

Pulse Check- Have You Found Gaps in Your Healthcare Privacy and Security Policies During the Pandemic?

InfoGoTo

Policy Example #1: Acceptable Use of Computer Equipment and Internet. Purpose: Establishes guidelines for employees to use personal electronic devices including but not limited to personally owned cell phones, tablets, and computers to perform work duties.

The Future of Payments Security

Thales Cloud Protection & Licensing

As the digital economy plays an increasing part in our lives, it is vital that electronic payments are secure, convenient, and accessible to all. There are two ways to protect customers’ PAN, encryption and tokenization. Encryption.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. The DPAs state that they are committed to the promotion of the confidentiality and integrity of electronic communications. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

There is also less hardware and compute power to work in your typical IoT device when compared to traditional devices, so embedding security becomes a matter of choice, rather than necessity. The same rings true for encryption and authentication. Encryption.

Understanding eDiscovery in Criminal Cases, Part Three: eDiscovery Best Practices

eDiscovery Daily

There is no time frame established for this review since it may take a substantial amount of time, especially with encrypted drives. On-board computer systems in automobiles, Exif data in digital photos, GPS coordinates in Google maps are all examples of this type of data which has been used as evidence for years. The first is forensic images of computers and cell phones.

European Commission proposes reinforcement of EU Cybersecurity rules

DLA Piper Privacy Matters

A DSP is an information society service that is an online marketplace, an online search engine or a cloud computing service. It is also clarified that data centre services other than cloud computing services are as well covered by the Directive and provides for a definition of this concept.

Craig Ball of Craig D. Ball, PC: eDiscovery Trends 2018

eDiscovery Daily

A frequent court appointed special master in electronic evidence, Craig is a prolific contributor to continuing legal and professional education programs throughout the United States, having delivered over 2,000 presentations and papers. Craig’s articles on forensic technology and electronic discovery frequently appear in the national media and he teaches E-Discovery and Digital Evidence at the University of Texas School of Law.

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

The Shamoon “wiper” virus, for instance, devastated Saudi oil company Aramco, destroying the hard drives of more than 30,000 Aramco computers and forcing a weeklong shutdown of the company’s internal network. In May 2017, the Saudi Arabian Monetary Authority (SAMA) rolled out its Cyber Security Framework mandating detailed data security rules, including a requirement to encrypt and containerize business data in all computing formats.

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

A cyber attack was detected on the Sopra Steria computer network on the evening of October 20. And part of the information system would have been encrypted.” French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected.

Appeals Court Holds “Reasonable Suspicion” Required for Forensic Search of Laptop at the Border

Hunton Privacy

The agents then subjected the computer to a forensic analysis and discovered it contained child pornography in portions of the hard drive that had been deleted or protected with passwords. The federal district court ordered suppression of this evidence in the criminal case against Cotterman on the ground that the agents’ forensic analysis of his computer violated the Fourth Amendment’s prohibition on warrantless searches.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

At first sight, the Office document had encrypted content available on OleObj.1. Those objects are real encrypted OLE objects where the encrypted payload sits in the “EncryptedPackage” section and information on how to decrypt it is available in the “EncryptionInfo” XML descriptor. However, at that time, the EncryptionInfo was holding the encryption algorithm and additional information regarding the payload but no keys were provided.

Step By Step Office Dropper Dissection

Security Affairs

From the recorded traffic it’s possible to see the following patterns: an HTTP GET request with some encrypted information to download plugin/additional stages and finally an HTTP POST to send victim’s data directly on the “attacker side”. The used variable holds a Base64 representation of encrypted data. Even in this case the transmitted content is a Base64 representation of encrypted data. I am a computer security scientist with an intensive hacking background.

Supply Chain Security 101: An Expert’s View

Krebs on Security

BK: But certainly there are some areas of computer hardware and network design where you absolutely must have far greater integrity assurance? But the bottom line is that doing this is really much harder [for non-nuclear electronic components] because of all the offshoring now of electronic parts, as well as the software that runs on top of that hardware. It’s now almost impossible for consumers to buy electronics stuff that isn’t Internet-connected.

How To Protect Yourself From Hackers

Cyber Info Veritas

Before we outline the safety hacks, let us briefly discuss why you need to protect yourself from hackers: How Safe Is Your Data: Why You Need To Protect Yourself From Hackers As the internet, computers, and connected devices (smart homes, smart appliances, etc.) As computers and smart devices creep into every crevice of our life, the need to protect yourself from hackers has never been greater. Be on the lookout for “https” encryption on the sites you visit.

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Security Affairs

Any data that can be identifiable on its own or combined with other information, both direct and indirect through electronic or non-electronic systems. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing.

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

The following VBScript is run through cscript.exe. It’s an obfuscated and xor-encrypted payload. Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments.

What is data loss and how does it work?

IT Governance

Unlike desktop computers, laptops don’t have extra covers to protect them from water damage, which increases your risk of electronic components short circuiting. Computer viruses. A computer’s hard drive is its most fragile part.

Is Emotet gang targeting companies with external SOC?

Security Affairs

AV and plenty of static traffic signatures confirm we are facing a new encrypted version of the Emotet trojan. I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna. I do have experience on security testing since I have been performing penetration testing on several US electronic voting systems.