BEC and Call – Business E-Mail Compromise Leads to Liability

When William Darby went to work as a securities broker in October of 2018, little did he know that he was going to not only have a bad day, but ultimately a bad career. Darby’s firm fell victim to an increasingly common form of attack — a Business E-Mail Compromise, or BEC attack. An unknown hacker…


NSA and FBI Take Different Paths for Cybersecurity

When NSA security researchers learned that the methods used by Microsoft Windows 10 machines to examine digitally signed code (like that used to install patches) had a vulnerability which would have allowed the Agency to slip in malware, they had to debate the best method of protecting the nation. On the one hand, they could…


Update on Iowa

Yesterday, I wrote about two employees of CoalFire who were arrested for performing a physical pen test of various courthouses in Iowa. The article focused on the need to have a well-defined Statement of Work and contract. Well, guess what. The State of Iowa Judicial Branch released exactly these documents. And guess what? Page 12 of the…


Data Privacy – I Do Not Think That Word Means What You Think it Means

On September 10, 2019, leaders of the high tech and business world, through the Business Roundtable, sent a letter to political leaders urging them to pass a comprehensive federal consumer data privacy law. The letter, signed by individuals like Amazon’s Jeff Bezos and Michael Dell, and other business leaders, noted that “There is now widespread agreement among…


Security status unknown

Do CEOs and Boards have any idea what the company’s cybersecurity status is? Cybersecurity and privacy compliance should be a top priority of the Board of Directors and senior management of any publicly traded company, right? Not so fast, kemo sabe. The problem is, everyone thinks that their problems, their issues, their topics should be…


All’s Fair in Love and Cyberwar

Von Clausewitz said that war is diplomacy by other means. If that’s true, then litigation, particularly divorce and custody litigation, is war by other means. And in war, there are casualties. In modern custody and divorce litigation, one of the casualties is cybersecurity and privacy. And the courts don’t seem to care. At all.…
