January Cyber update from the Office of Rob Kleeger
Jan 19, 2023 8:31 pm
Happy New Year. I hope you were able to spend time for yourself and your loved ones during the New Year.
Best wishes for a successful and healthy 2023!
All the best,
Rob Kleeger
1010101001010111010101100010100101010010101
Words of Wisdom:
"Somewhere, something incredible is waiting to be known." – Carl Sagan
1010101001010111010101100010100101010010101
CURRENT DATA SECURITY NEWS:
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach of the company but from account compromise on other platforms. "Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said.
Microsoft provides insights that every organization needs to defend themselves
At the end of December 2022, Microsoft released its Digital Defense Report, an exhaustive digital threat analysis that chronicles some of the biggest trends and threats for the year. Microsoft placed heavy emphasis on state actors in the report, covering the actions of nation-state actors, cyber influence operations, and the defense of critical digital infrastructure. The other big topic this year was Microsoft’s dedication to Cyber Resilience and the critical importance of basic cybersecurity hygiene. You can find the full report here:
Mailchimp Suffers Another Security Breach Compromising Some Customers' Information
Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers.
"The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack," the Intuit-owned company said in a disclosure. The development was first reported by TechCrunch.
Average cost of a data breach expected to hit $5 million in 2023
Acronis reported that threats from phishing and malicious emails have increased by 60% and the average cost of a data breach could reach $5 million this year. The report found that between July and October, the proportion of phishing attacks had risen by 1.3 times, accounting for 76% of all attacks.
1010101001010111010101100010100101010010101
CURRENT LEGAL CASE UPDATES:
Sanders v. The University of Idaho, College of Law, et al., No. 3:19-cv-00225-BLW (Oct. 7, 2022).
UI received multiple complaints about the climate, culture, and work environment at UI’s College of Law in or around winter 2018. These complaints included overarching concerns about gender and sex discrimination under UI leadership. At issue in the spoliation motion were the notes taken by the human resources coordinator during the 32 interviews upon which the CCR was based.
The court focused on the following to ultimately grant the motion for sanctions upon a finding of spoliation of evidence:
- The University had an obligation to preserve the climate review interview notes
- The University was on notice of the potential relevance of the evidence
- The destroyed interview notes are relevant to the litigation
Ultimately, the court found that sanctions were appropriate in this case given the circumstances and a finding that the destruction of the interview notes was deemed willful. The court granted a permissive adverse inference instruction, which permits a jury to presume the lost evidence is relevant and favorable to the requesting or the other party.
Proskauer Rose LLP v. O’Brien, S.D.N.Y., No. 1:22-cv-10918 (1/4/2023)
The former Proskauer Rose executive accused of stealing sensitive business secrets from the law firm has lost his job at rival Paul Hastings in wake of Proskauer’s lawsuit against him. Former Proskauer Rose chief operating officer Jonathan O’Brien has lost his new job after he was accused in a lawsuit of downloading and printing sensitive information, including partner pay and evaluations. O’Brien had planned to begin work at Paul Hastings, his lawyer, Russell Beck, told Law.com, Reuters and Bloomberg Law in a statement.
U.S. District Judge John P. Cronan of the Southern District of New York issued a temporary restraining order Dec. 28 that barred O’Brien or anyone who has notice of the order from disseminating, copying or using Proskauer’s proprietary or confidential information.
Password Manager LastPass Sued Over Allegedly Misleading Data Breach Notices
An anonymous plaintiff filed a putative class action against LastPass US LP (LastPass) in the District of Massachusetts in connection with a data breach that affected the password management tool revealed over the summer.
The filing describes Defendant as a “password and identity management services company” and seeks relief on behalf of a nationwide class of “All persons whose personal information was accepted, compromised, copied, stolen and/or exposed as a result of the LastPass Data Breach.” The plaintiff says the victims suffered from a “massive months-long data breach that began in August 2022 [that] impacted the highly sensitive data of potentially millions of LastPass users…” Plaintiff asserts six causes of action: Negligence; Breach of Contract/Breach of Implied Covenant Good Faith and Fair Dealing; Breach of Implied Contract (which is pled in the alternative to the Breach of Contract cause of action); Unjust Enrichment; Breach of Fiduciary Duty; and Declaratory Judgment and Injunctive Relief.
FTC proposed ban on noncompetes may face strong resistance
The U.S. Federal Trade Commission earlier this month proposed a sweeping ban on noncompete agreements in employment contracts, but opponents say its implementation could be delayed or prevented by litigation charging the agency has exceeded its authority. The 216-page proposal issued Jan. 5 would ban employers nationally from imposing noncompetes on their workers, regardless of their salary level, and would apply retroactively.
Traditional noncompetes generally use nonsolicitation or nondisclosure restrictions instead to deter departing employees from taking clients with them. Businesses should continue their approach to noncompetes by asking their employees to sign nonsolicitation agreements. Even if the FTC rule is approved, these arrangements will remain intact.
1010101001010111010101100010100101010010101
CYBER SECURITY TIPS OF THE MONTH:
Top 11 keyboard shortcuts everyone should know:
- Selecting all of your text: Ctrl + A
- Copy and paste: Ctrl + C and Ctrl + V
- Finding a keyword in a text: Ctrl + F
- Navigating between browsers and applications: Alt + Tab. Navigate between tabs: Alt + Shift + A (Command + Shift + A on Mac).
- Undo and redo: Ctrl + Z and Ctrl + Y
- Print: Ctrl + P
- Save: Ctrl + S
- Italicize, Bold, and Underline: Ctrl + I, Ctrl + B, Ctrl + U
- Zoom in and Zoom out: Ctrl + Plus (+) and Ctrl + Minus (-)
- Windows key + E — Open File Explorer.
- Windows key + L — Lock your PC. This keeps all your apps open, but requires you to unlock your PC before using them again.
1010101001010111010101100010100101010010101
DON'T FORGET ABOUT US:
Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- Incident Response to Cyber Incidents or Data Breaches
- Cyber Security Awareness Training
- CISO-as-a-service