January Cyber update from the Office of Rob Kleeger

Jan 07, 2022 5:30 pm



I hope this email finds you and your loved ones safe, secure, and healthy and that you had a joyful, happy time spent with your loved ones.


May 2022 provide you with all the success the world can provide you.


All the best,

Rob Kleeger

1010101001010111010101100010100101010010101

Words of Wisdom:

“Be grateful with everything you have and you will be successful in everything you do.” – Conor McGregor


CURRENT DATA SECURITY NEWS:

LastPass confirms credential stuffing attack against some of its users

On December 28, 2021, LastPass, the password manager app, was accused of a data breach, but the company says that's not what happened. LastPass’ full statement is provided below:

LastPass investigated recent reports of blocked login attempts and we believe the activity is related to attempted “credential stuffing” activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services. It’s important to note that, at this time, we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.  


A credential stuffing attack is when hackers take username and password combinations leaked through data breaches and attempt to use them at other online services, hoping that some users reused credentials across different sites.


Credential stuffing attacks have been a pretty common occurrence in recent years, primarily after the leak of billions of user credentials since the mid-2010s.

These types of attacks have typically been aimed at online services like email providers, gaming accounts, social media profiles, and online shopping sites since these are the typical accounts that, when hacked, can be re-sold on cybercrime markets.


If you’re a LastPass user, a good step to take would probably be to activate multi-factor authentication. MFA can add an extra layer of protection against credential-stuffing and other, similar kinds of attacks, so it’s probably a good thing to do, regardless.
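For readers who run their own login systems, the pattern described above can be spotted in authentication logs. The following is an added example, not code from LastPass or from this newsletter; the event fields, thresholds, and sample events are assumptions constructed for illustration:

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", False),
    ("203.0.113.7", "dave@example.com", True),
    ("203.0.113.7", "erin@example.com", False),
    ("203.0.113.7", "frank@example.com", False),
    # One user mistyping their own password: many failures, but a single account.
    ("198.51.100.20", "grace@example.com", False),
    ("198.51.100.20", "grace@example.com", False),
    ("198.51.100.20", "grace@example.com", True),
    ("192.0.2.55", "heidi@example.com", True),
]


def find_stuffing_sources(events, min_accounts=5, min_failure_ratio=0.8):
    """Flag source IPs that try many *different* accounts and mostly fail.

    Thresholds are assumptions for illustration; tune them per environment.
    """
    stats = defaultdict(lambda: {"users": set(), "fail": 0, "total": 0, "hits": set()})
    for ip, user, ok in events:
        s = stats[ip]
        s["users"].add(user)
        s["total"] += 1
        if ok:
            s["hits"].add(user)   # reused password worked: account needs a reset
        else:
            s["fail"] += 1

    findings = {}
    for ip, s in stats.items():
        ratio = s["fail"] / s["total"]
        if len(s["users"]) >= min_accounts and ratio >= min_failure_ratio:
            findings[ip] = {
                "accounts_tried": len(s["users"]),
                "failure_ratio": round(ratio, 2),
                "accounts_to_reset": sorted(s["hits"]),
            }
    return findings
```

Attempts spread thinly across many source addresses will not trip a per-IP rule like this one, which is one more reason MFA matters as a backstop.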

1010101001010111010101100010100101010010101


CURRENT LEGAL CASE UPDATES:

Ex-GlaxoSmithKline scientist admits stealing trade secrets for Chinese company

A former GlaxoSmithKline Plc scientist pleaded guilty on Monday to conspiring to steal trade secrets from the British drug manufacturer to benefit a Chinese pharmaceutical company. According to an indictment, from 2012 to 2016, Xi and another GSK scientist, Yu Xue, stole confidential information from GSK about products that were under development and then provided the data for use by Renopharma. Prosecutors said Xue, along with co-defendants Tao Li and Yan Mei, created Renopharma in Nanjing, China, to market and sell the stolen information as its own research and to obtain patents for Renopharma versions of GSK's products. These products typically cost in excess of $1 billion to research and develop. 


“This defendant illegally stole trade secrets to benefit her husband’s company, which was financed by the Chinese government,” said U.S. Attorney Williams. “The lifeblood of companies like GSK is its intellectual property, and when that property is stolen and transferred to a foreign country, it threatens thousands of American jobs and jeopardizes the strategic benefits brought about through research and development. Such criminal behavior must be prosecuted to the fullest extent of the law.”


New Jersey Health Care Providers Will Adopt New Security Measures and Pay $425,000 to Settle Investigation into Two Data Breaches

The first data breach involving RCCA occurred when several RCCA employee email accounts were compromised through a targeted phishing scheme that allowed unauthorized access to patient data stored on those accounts in April-June 2019. The protected information exposed included health records, driver’s license numbers, Social Security numbers, financial account numbers, and payment card numbers.

More Than 105,200 Consumers Affected, Including 80,333 New Jersey Residents


Federal Rule of Evidence 702 governs the admissibility of expert testimony. 

The amendments aim to further clarify Rule 702 and ensure that it is applied consistently in the courts. Public comment on the proposed amendments will be open until February 16, 2022.


The federal judiciary's Advisory Committee on Evidence Rules has proposed amending FRE 702 in response to perceived misunderstanding by trial courts of what the rule means and how to apply it. The amendments will expressly state the proponent's burden of proof and focus more attention on the reliability of an expert's final opinion as a function of the methodology applied to the facts of the case.


Federal Rule of Evidence 702, which sets forth the admissibility standard for expert witness testimony, can be one of the most useful weapons in a trial attorney’s arsenal. Because the purpose of Rule 702 is to ensure judges exclude unreliable science from a jury’s consideration, uniform application of the rule is critical.

1010101001010111010101100010100101010010101


CYBER SECURITY TIP OF THE MONTH: 

The new year is a new opportunity to break your poor cyber habits in your digital life.


  • Stop using weak passwords.
  • Think before clicking.
  • Stop skipping backups or, worse, not testing whether the backups can be restored when you need them.
  • Don't give out your credentials or your personal details over the phone based on an email, unsolicited phone call, or text message.
  • ALWAYS USE MULTI-FACTOR AUTHENTICATION

1010101001010111010101100010100101010010101

Don't Forget About Us:

Digital4nx Group, Ltd. is a boutique firm that focuses on helping business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident!


Digital4nx Group provides a blend of legal and technology services to Lawyers, Business Owners, IT Professionals, Financial Executives, Trusted Advisors, and Human Resource and Compliance leaders who need a reliable partner to systematically identify, preserve, extract, analyze, and interpret digital evidence.


Our services are commonly used to:

  • React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
  • Proactively identify and provide insights on how to better secure your network and your confidential data


Cyber Security Services

Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:


 
