November Cyber update from the Office of Rob Kleeger

Nov 18, 2022 5:56 pm

,


I hope this email finds you and your loved ones safe, secure, and healthy.

image


Perhaps we share similar thoughts and likes, which is why you are receiving this. I hope it's read and appreciated.


It's been quite an interesting year, transitioning back to meeting face to face and while also utilizing the efficiencies of Video Conferencing and new lifestyle of living!


I am thankful for meeting many new people, the opportunities we've had to work together or getting to know you and build a long-term relationship.


May this holiday season bring you joy, happiness, and time to spend with your loved ones.


All the best,

Rob Kleeger


1010101001010111010101100010100101010010101

Words of Wisdom:

"If you strive for the moon, maybe you'll get over the fence"

- James Woods


CURRENT DATA SECURITY NEWS:

Bed, Bath, & Beyond Breach Suffers Data Breach

Reuters recently reported that Bed, Bath & Beyond suffered unauthorized access to their systems. The company addressed the concerns October 28, 2022, stating that a third party had gained access to its data. The potential attacker had access to an employee’s hard drive as well as access to some shared drives. The company stated it's reviewing its systems and data to see if an attacker accessed any sensitive or personally identifiable information (PII).


The home goods retailer added it has no reason to believe that any sensitive or personally identifiable information was accessed and this cybersecurity incident would likely not have a material impact on the company.


Thomson Reuters database leak exposed sensitive platform and customer data

Thomson Reuters acknowledged a database leak that exposed at least 3TB of customer data. According to the Cybernews research team, Thomson Reuters left three databases unsecured for anybody to access without authentication and the passwords were in plaintext format. The data is a treasure trove for threat actors, likely worth millions of dollars on underground criminal forums.

At this time, TR believes that a misconfiguration caused the incident on the AWS Elastic Load Balancing service, which led to the service being exposed to the public, aka misconfiguration error. 


Dropbox confirms 130 of its GitHub repositories were stolen in a phishing campaign

Dropbox, a file hosting service, revealed that threat actors successfully targeted and accessed 130 of its GitHub repositories via a phishing attack. The attackers performed a phishing attack and gained employee login credentials to CircleCI, which they then used to access GitHub. Dropbox said that the attacker never had access to the contents of users’ Dropbox accounts, passwords, or payment information. Still, it found evidence of access to code containing some credentials, mainly API keys utilized by developers. The code and data also included thousands of names and email addresses belonging to employers, past and present customers, sales leads, and vendors.


Laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process.


That matters because Secure Boot, as its name suggests, is a feature that allows a PC's firmware to be "locked down" as a defence against rootkits, ensuring that only trusted cryptographically-signed code can be run at bootup.


1010101001010111010101100010100101010010101


CURRENT LEGAL CASE UPDATES:

“MWK RECRUITING, INC. v. EVAN P. JOWERS, et al.” NO. 1:18-cv-0444 RP, (W.D. Tex. Jan. 22, 2019)

A federal district court judge recently entered a judgment for $3.6 million—before fees and costs—against a former external law firm recruiter. The recruiter left his employer and joined a competitor. But before the recruiter left his former employer, he began using his personal email for candidate submissions and allegedly laundered six lateral candidates through the founder of his new employer. His former employer sued him and alleged that he misappropriated trade secrets and breached non-compete and non-solicitation covenants in his employment agreement.


The district court easily found that the information the recruiter collected about clients and potential clients qualified as a trade secret under Texas law. The court specifically found that the candidates’ names, clients, book value, language skills, goals for switching firms, and their law school records constituted trade secrets. The district court emphasized the recruiter’s testimony that candidates expected their information to be kept confidential and that another recruiter could not simply learn this information and monetize the information.


DR Distribs., LLC v. 21 Century Smoking, Inc., No. 12 CV 50324 (N.D. Ill. Oct. 6, 2022)

What happens when attorneys and their clients disregard both the spirit and letter of the FRCP’s eDiscovery rules? As illustrated in this case, very bad things. 


After more than 8 years, 400+ docket entries, and an almost incomprehensible number of ESI blunders, defendants and their counsel unfortunately found themselves on the exploding end of a 103-page, court-imposed sanctions. Judge Johnston began his order by stating: “If Dante were a judge, he would have placed fee litigation as an inner circle of judicial hell.”

The plaintiffs were awarded $2.5 million.


Instagram scammer pleads guilty to crypto fraud

The DOJ announced that a social media influencer (Jebara Igbara, better known by his Instagram alias of Jay Mazini,) who used his popularity to allay suspicion in a series of scams has pleaded guilty to conning victims out of $8 million, including payments in bitcoin. Igbara fraudulently claimed he would pay up to 5% above the market rate for the cryptocurrency, lying that exchanges were limiting the amount he could purchase. This was done to entice victims into parting with their digital savings – but the traditional money promised to them in return never arrived.


Perhaps this is the new form of the Nigerian Prince email, however, the old adage if something appears "too good to be true”...it probably is still applies!


Hey Lawyers...New ABA Opinion on “Replying All” in Electronic Communications

The American Bar Association released Formal Opinion 503, regarding lawyers who “Reply All” in Electronic Communications. In the absence of special circumstances, lawyers who copy their clients on an electronic communication sent to counsel representing another person in the matter impliedly consent to receive counsel’s “reply all” to the communication. Thus, unless that result is intended, lawyers should not copy their clients on electronic communications to such counsel; instead, lawyers should separately forward these communications to their clients. Alternatively, lawyers may communicate in advance to receiving counsel that they do not consent to receive counsel replying to all, which would override the presumption of implied consent.


If you are in a position or can introduce me too someone who is involved in scheduling or coordinating CLE educational "Lunch and Learn" or LIVE "at the office" events...

Let's start with doing something like that together!


1010101001010111010101100010100101010010101


CYBER SECURITY TIPS OF THE MONTH: 

Companies that handle sensitive data may find themselves the target and victim of cyber- attacks as malicious actors look to harvest that information for their gains. Common threats like malware, ransomware, and Denial of Service (DoS) attacks cost companies money, time, and resources.


Companies seeking greater information security compliance should:


  • Limit access to valuable data to individuals who need it for business purposes only.
  • Vet and ensure that third parties comply with your data practices.
  • Train and educate staff on the best human behaviors for maximum security.
  • Improve cyber hygiene through security audits, such as Ethical Hacking and Risk Assessments.
  • Seek out and put an end to unauthorized data sharing.
  • Create a contingency plan of action in the event of a data breach.


1010101001010111010101100010100101010010101


Did you know that Digital4nx Group was recognized by Enterprise Security as one of the Top Ten Digital Forensic Services companies in 2022.

image

"Being acknowledged as a leader in the industry is a great honor. In addition to the award, Enterprise Security featured Digital4nx Group and me in an article in their publication in print and online." - Rob Kleeger (Managing Director)



If you are an attorney who litigates, know one, or are a responsible business executive that's ass is on the line if a data breach occurs, I would love an explorator call or introduction!

Please share the below information with those people or arrange an introduction.

Look forward to seeing you in the flesh!

DON'T FORGET ABOUT US:

Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.


Our services are commonly used to:

  • React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
  • Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.

image

Cyber Security Services


Digital4nx Group ​helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective​ ​services... Before, During, and After a Data Incident!


We offer a multi-disciplined approach to cyber services such as:



 

Comments