Google’s definition of ‘private’ is slowly coming to light thanks to a $5B class action lawsuit and recent Congressional hearings. There seems to be some emails and second hand accounts supporting the assertion that Google executives were well aware of how the public might react if they found out that Google and other sites could still track user searches, URL’s and actions while in [...]
Apple plans to start scanning all U.S. iPhones for images of child sexual abuse using a tool called “neuralMatch” or “NeuralHash” against a database of known images. Womble Dickinson’s JDSupra article covers many of the high-level privacy concerns and explores Apple’s plans for a service that will scan encrypted messages for sexually explicit content to provide parental notice. Using a generated hash to check [...]
Got great feedback after my last skirmish with a phishing attempt so here is today’s attempt: [Greg] Hello, how may I help you? [digitized voice] This is Amazon security calling in regard to a recent $1499 purchase. Our system flagged this purchase because of suspicious elements and we need you to either confirm or contest this purchase. To be fair, I buy a lot [...]
Thanks to my friend Jason Velasco for drawing my attention to the article Hidden Dangers of Microsoft 365’s Power Automate and eDiscovery Tools. Hitesh Sheth at DarkReading.com is extrapolating from a massive data collection study from 4 million Cognito Detect for Office 365 customers by Vectra. I am not sure that I agree with his red flag alert that hackers are actively using Power [...]
Because MSFT Admin notices are not posted in a public facing site, I am attaching a PDF of the notice below. Cyber threats and indirect hacking attempts have blossomed in the pandemic remote working age. I brought this change up to cyber security guru John Wilson (HaystackID) on a webinar prep call today. He commented that this could be the equivalent of ‘rolling out [...]
Good summary and perspective by Doug. First a bit of context and techno translation. The Orion Platform is SolarWinds’ primary systems management bundle for on-premise and hybrid environments. SolarWinds’ products cover the breadth of IT management. That means the hacked version of Orion gave the hackers potential access to servers, applications, databases, storage and more. I have struggled to keep up with the new [...]
The matter and article highlight the increased risk that corporate trade secrets and confidential data may be disclosed by the largely remote corporate workforce. I appreciate the well-structured guidance and concrete action steps proposed. The authors recommendation to perform an IP audit is a good starting point. However, I would add the need for automated categorization solutions that flag and highlight files and communications [...]
The legal hold notice market is dominated by cloud services that use a wide variety of security methods to send out your notices from their trusted domains. Having implemented a large number of these systems recently, I can tell you how difficult it can be to establish that trust relationship and bypass all the spam/virus/phishing filters to ensure that all custodians receive their hold [...]
Good find by Doug (who credits his wife) on Upturn.org’s new report on the widespread use of Mobile Device Forensic Toolkits like Cellebrite or Access Data by law enforcement. Aside from the civil liberties issues, I want to draw corporate litsupport/compliance/security attention to the logical progression that looms. The latest Gallup poll shows that 58% of employees work remote sometimes or always. I can [...]