October Cyber update from the Office of Rob Kleeger
Oct 26, 2023 7:27 pm
,
I hope this email finds you and your loved ones safe, secure, and healthy.
Here we go - the final stretch towards the end-of-year goals. I have enjoyed making the time to enjoy the Cool Fall mornings and evenings by the fire pit.
I am excited to see my lawn so green and full after many years of hard work and getting better with my green thumb.
Like many of you, I have gotten comfortable with the life balance the pandemic brought. That said, I want to begin my 2024 goal of getting back in front of my past referral relationships, providing educational lunch and learns, and connecting good people with good people via a monthly in-person Happy Hour.
Please reach out if you are interested in attending a Happy Hour, want to schedule a meeting if you are in NJ, or of course a 1-on-1 via Video Call regardless.
Use the following link to arrange a date/time to catchup: Meeting Homepage Link
All the best,
Rob Kleeger
1010101001010111010101100010100101010010101
Words of Wisdom:
“People calculate too much and think too little.” ― Charles T. Munger
CURRENT DATA SECURITY NEWS:
23andMe hit with lawsuits after hacker leaks stolen genetics data
Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers.
Late last month, a threat actor leaked 23andMe customer data in a CSV file named 'Ashkenazi DNA Data of Celebrities.csv' on hacker forums. The file allegedly contained the data of nearly 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info, genetic predispositions, and more.
Windows 11 21H2 and Windows Server 2012 reach end of support
Windows Server 2012 and multiple editions of Windows 11, version 21H2, have reached the end of support with this month's Patch Tuesday. Starting this week, Microsoft will no longer provide technical assistance and bug fixes for newly identified issues affecting the stability or usability of systems running the two operating systems. "After this date, these products will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates," says Microsoft. This comes after multiple announcements issued by Microsoft since the start of the year, reminding customers that the two Windows versions will reach their retirement date on October 10, 2023.
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
Smart Links are part of LinkedIn's Sales Navigator service, used for marketing and tracking, allowing Business accounts to email content using trackable links to determine who engaged with it.
Also, because Smart Link uses LinkedIn's domain followed by an eight-character code parameter, they appear to originate from a trustworthy source and bypass email protections.
Caesars Entertainment says social-engineering attack behind August breach
In a filing with the Maine attorney general, the gaming company said the attack began in mid-August and impacted tens of thousands of the state’s residents. Caesars Entertainment confirmed that a social-engineering attack beginning in mid-August led to the theft of data from members of its customer rewards program, according to a filing with the Maine attorney general’s office. The social-engineering attack on an outsourced IT support vendor resulted in unauthorized access on Aug. 18 and led to a data breach on Aug. 23, according to information in the Friday filing. The company said the breach was discovered Sept. 7. Caesars did not disclose a total number of customers impacted by the breach at this time.
1010101001010111010101100010100101010010101
CURRENT LEGAL CASE UPDATES:
Bed Bath & Beyond Corp. Sec. Litig., No. 1:22-cv-2541 (TNM) (D.D.C. July 27, 2023)
In this case against Bed Bath & Beyond, its CEO and investor Ryan Cohen over an alleged “pump-and dump” scheme to inflate the value of the stock before selling, Cohen (who had previous investing success with GameStop and others) bought a 9% stake in Bed Bath & Beyond, and with this leverage he made public business recommendations and picked several members for its board of directors. After a series of bad news announcements for Bed Bath & Beyond, CNBC tweeted a negative story about Bed Bath on August 12, 2022, accompanied by a picture of a woman pushing a shopping cart. Cohen responded with a tweet containing a "smiley moon emoji". Judge McFadden stated: “Some online communities understand the smiley moon emoji to mean ‘to the moon’ or ‘take it to the moon.’…In other words, according to Plaintiff, Cohen was telling his hundreds of thousands of followers that Bed Bath’s stock was going up and that they should buy or hold. They did so, sending the price soaring.” Judge McFadden stated: “The questions here thus become: (1) Does the plausibly alleged that the moon emoji has a particular meaning in the context in which it was used? And if so, (2) is that meaning actionable?” In the end, Judge McFadden denied the request to dismiss the claim over the moon emoji tweet, Do you think the moon emoji tweet should have been actionable?
Unauthorized 'rummaging' through opponent's Dropbox leads to sanctions of the law firm Robins Kaplan
(Pursuit Credit Special Opportunity Fund, L.P. v Krunchcash, LLC 2023 NY Slip Op 33448 (U) October 4, 2023 Supreme Court, New York County)
Justice Joel M. Cohen, a trial-level judge in New York, has ordered and sanctioned Robins Kaplan and its client to pay nearly $156,000 for “surreptitiously and repeatedly” accessing the files of their litigation opponent. In addition, Cohen also ordered the return of documents that were not subsequently produced by the Pursuit Special Credit Opportunity Fund in discovery. He warned that he could restrict future discovery requests by Robins Kaplan if they are based on the improper review of the Dropbox files. Cohen cited a “blunt letter” that a Robins Kaplan lawyer sent to Pursuit in November 2022 after reviewing the Dropbox files for about a week. The letter said the firm had downloaded the Dropbox contents, and it was entitled to use every document in the litigation. Cohen called the review of Pursuit’s documents “something more akin to corporate espionage.” Instead of stopping the review and making sure that its client did the same, Robins Kaplan “went on the offensive and threatened to use the information gleaned during its clandestine review for litigation advantage,” Cohen said.
Lawyer pleads guilty in 'Ponzi-type scheme' that cost his clients up to $65M
A former San Antonio lawyer has pleaded to federal charges for persuading his clients to deposit funds with him and then using the money for his benefit. Christopher John Pettit, 56, of San Antonio pleaded guilty to three counts each of wire fraud and money laundering Oct. 5, according to an Oct. 6 press release from the U.S. Department of Justice and stories by Reuters, Law360 and MySA. Pettit engaged in a “Ponzi-type scheme” that resulted in an estimated loss to his victims of between $20 million and $65 million, according to the press release. The press release described three ways that Pettit obtained money from clients before misusing it for his benefit. He claimed that the money would be used for trustee accounts, for investment in high-percentage bonds, and for 1031 real estate exchanges.
1010101001010111010101100010100101010010101
CYBER SECURITY TIPS OF THE MONTH:
October has only one spooky day...Halloween.
Did you know that since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month?
That's a whole month to scare you if you don't pay attention!
Being in the business of reactive and proactive data forensics and data security for over two decades, we see scary every day...which is how we differ from most firms selling cyber security!
My Suggested Tips Always:
* Build a Strong Cyber Security Culture
* Develop a "reasonable and defensible" InfoSec Program which may need to meet regulatory or compliance standards
* Always know the risk method to make informed business decisions
* Implement the "minimum" cyber hygiene:
- Strong Passphrases
- Multi-Factor Authentication
- Encryption (at rest/in transit)
* Confirm and Verify your People, Process, & Technology adhere to the correct Risk Profile
* Identify Overall Gaps, Reprioritize and Remediate - REPEAT ANNUALLY!
* Budget More every year until you hit the above standards
* Prepare for the worst AND Hope for the best!
NOTE: Hope is NOT a Strategy!
1010101001010111010101100010100101010010101
Did you know that Digital4nx Group was recognized by Enterprise Security as one of the Top Security Advisory Services Providers in 2023.
"It was an honor being selected by the Cyber Security Review team to be recognized in a large world of others in the "#cybersecurity" space. Perspective Matters and Digital4nx Group, Ltd. distinguishes itself from its peers based on the reactive digital forensic investigation and litigation services in order to help decision-makers of any type or size business become "Reasonable and Defensible". In addition to the award, Cyber Security Review Magazine featured Digital4nx Group and me in an article in their publication in print and online." - Rob Kleeger (Managing Director)
If you are an attorney who litigates, knows one, or is a responsible business executive that's ass is on the line if a data breach occurs, I would love an exploratory call or introduction!
Please share the above information with those people or arrange an introduction. Look forward to seeing you in the flesh!
1010101001010111010101100010100101010010101
DON'T FORGET :
Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.
Digital Litigation Support Services:
Our digital forensic examiners analyze files and artifacts that are left behind on storage media even after being copied, deleted, or compromised. Throughout our extensive analysis, we strictly comply with the rules of evidentiary preservation to avoid spoliation. This is a critical objective of any digital forensic analysis. Using proven techniques along with best-in-class tools, our experienced digital forensic examiners can safely retrieve and analyze all potential data on any computer system (even deleted files) as well as mobile phones, USB devices, Cloud Accounts, DVRs, and many more electronic media devices.
- Digital Forensic Investigations
- Electronic Discovery, Hosting, Consulting, and Advisory
- Early Case Assessment
- Expert Witness Testimony
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services...
Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- CISO-as-a-service
- Incident Response to Cyber Incidents or Data Breaches