21 matches found
NSO Group Spies on People on Behalf of Governments
The Israeli company NSO Group sells Pegasus spyware to countries around the world including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda. We assumed that those countries use the spyware themselves. Now we've learned that that's not true: that NSO Group employees operate the...
The Loper Bright Decision: How it Impacts Cybersecurity Law
The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity...
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp
A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019...
Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI
The legal profession is known for being cautious or hesitant to adopt new technologies. However, when it comes to AI, it seems like legal professionals are ready to be on the leading edge of AI implementation. A Thomson Reuters survey of legal professionals found that 82% agree that AI can be...
npelitigation.com Cross Site Scripting vulnerability OBB-3216282
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
nylitigationfirm.com Improper Access Control vulnerability OBB-2179316
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
2020 Was a Secure Election
Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...
Securing the Internet of Things through Class-Action Lawsuits
This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that 1 market realities will produce insecure IoT devices, and 2 political failures will leave that industry unregulated. Result: insecure IoT. It proposes...
Why So Many Businesses Can Never Recover After Cyber Attacks
By Uzair Amir A cyber attack can cripple critical infrastructure and businesses and generate negative press. In other cases, it could open you and your business to litigation. This and other factors can seriously hurt a business, and it forces many of them to pay for data recovery or IT security...
A user’s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs)
Potentially Unwanted Programs PUPs: the name says it all. While the programs themselves might have legitimate uses, their vendors often use inappropriate methods to drive downloads or hide within a program bundle. At Malwarebytes, we feel we have an obligation to help protect our customers from...
Suing South Carolina Because Its Election Machines Are Insecure
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging...
Capital One Fraud Seminar Recap
Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital Ones Fraud Analysis team...
parkervision.com XSS vulnerability
Vulnerable URL: http://www.parkervision.com/company/publicrelations/patentlitigation.php?caseid=1/-///'/"//--...
Home Depot Agrees $19.5 Million To Settle 2014 Breach
Home Depot agreed this week to pay $19.5 million to compensate the 40 million cardholders it said were impacted by a massive 2014 data breach. As part of a proposed settlement by Home Depot, it admits no wrongdoing or liability in the breach, according to court filings with the US District Court...
SQL Injection Vulnerability in Shanghai Jiaoda Withub's Court Litigation Service Platform
Shanghai Jiaoda Withub Information Industry Co., Ltd. is mainly engaged in computer network and network security integration, application software development, building intelligence system integration, as well as agent sales of IT products. The court litigation service platform is one of the...
NSA Says It Will End Access to 215 Records When Authority Ends in November
The National Security Agency says that once its legal authority to conduct Section 215 bulk telephone surveillance ends on Nov. 29, its analysts no longer will be allowed to access the database that holds all of the collected Section 215 records. In May, an appeals court ruled that bulk telephone...
RSA Conference Panel on Threat Information Sharing Bill
SAN FRANCISCO – The House of Representatives is considering a pair of information sharing bills this week. Also up for consideration is a data breach notification bill that is not likely to make it into law any time in the near future. According to a panel of experts at the RSA Conference, the...
Law Firm - Forensics Services
As cyber threats and attacks have increased year over year, Coalfire has seen a drastic increased need for support to law firms in cybersecurity cases. Attacks and threats vary so often, many law firms lack the skills required to properly evaluate cyber-attacks involving their clients. As such la...