In an unprecedented supply chain compromise, the Russian hacking group known as APT 29, or ‘Cozy Bear’, has injected a backdoor into the source code of the SolarWinds Orion product line. This is a serious, far-reaching incident with few parallels in modern cyber history. This may be the largest cyber...
COVID-19 has turbocharged the transition to remote work and digitized business processes like no other time in history. Unfortunately, the rush to adapt to new realities of social distancing in the workplace has led to rushed changes. Companies have adopted policies and procedures that don’t necessarily have security as a...
As with any crisis, the COVID-19 pandemic has seen its fair share of exploitation. These scams run the gamut, from fake testing kits and face mask scams to stimulus payment spoofs. Loan reduction and refinance scams are also seeing an uptick because of the historically low federal interest rates. Scammers are using...
Let’s Encrypt will be revoking up to 3 million of the TLS certificates it had issued. This drastic action is in response to a bug discovered in the validation procedures, which was acknowledged on Feb 29th on their official blog. The flaw was fixed the same day it was discovered....
There has been a LOT of commentary recently from privacy advocates about the ‘War on Encryption’ being waged by certain governments and law enforcement agencies around the world. Honestly, most has been very monolithic, taking an almost adversarial viewpoint of government. Don’t get me wrong, I definitely understand the arguments...
Whether you like it or not, everyone can see which websites you’re visiting. Even when you see that secure padlock in your browser indicating an ‘HTTPS’ secured website, the actual request your computer makes for the website URL is anything but secure. The sad fact is that one of the...
There’s been a LOT of talk about how “quantum computing” will be the death of encryption as we know it. While most of this is just a lot of hype, there is some truth to the possibility. And it seems that last week, Google may have reached an important milestone in...
Last week, Microsoft announced MC182605 in their admin Message Center. It describes a long-awaited and needed email security feature. Microsoft Outlook mobile apps will soon have built-in support for S/MIME (Secure/Multipurpose Internet Mail Extensions). The feature is currently in development, and is now expected to start rolling out after...
Earlier this week, the US Government’s Cyber and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security (DHS), issued AR19-133A. This analysis report describes some of the common security holes exposed by a “mix of configurations that lowered their overall security posture.” Here are the main points...
Let’s face it: Law firms have historically been behind the curve when it comes to adopting new technologies. Many are just now realizing the tremendous benefits of electronic document management (EDM) systems. When it comes to storing and retrieving case information compared to the old filing cabinet, there is no...