Kari Rollins and Julia Kadish of Sheppard Mullin write: The FTC recently settled with smart lock maker Tapplock, Inc., a Canadian company, over allegations that it deceived consumers with false claims about its product’s security practices. These allegations arose based on vulnerabilities that a security researcher demonstrated – not in the aftermath of a data security breach…
Category: Commentaries and Analyses
Two iOS zero-days used in limited mail attacks
Dennis Fisher writes: Attackers have been exploiting a pair of dangerous vulnerabilities in the default mail app in Apple’s iOS software since at least January 2018 simply by sending specially formatted emails to target devices. The flaws are unpatched and have been present since iOS 6 was released in 2012. The two vulnerabilities have been…
Security researcher discloses four IBM zero-days after company refused to patch
Catalin Cimpanu reports: A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management…
Everyone’s Working From Home Due to the Coronavirus – Is There Insurance Coverage for a Data Breach?
Jeffrey Dennis and Heather Whitehead of Newmeyer Dillion write: Most organizations are now requiring that their employees work from home (“WFH”) with the ongoing COVID-19 (commonly referred to as the Coronavirus) pandemic. These remote working arrangements provide new opportunities for hackers to infiltrate computer systems, and not surprisingly, attempted cyber attacks are on the rise. …
New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks
Peter Marta, Paul Otto, and Timothy Tobin of Hogan Lovells write: Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. The guidance highlights the heightened cybersecurity risks from the current crisis and NYDFS’ expectations that…
Hacking against corporations surges as workers take computers home
Joseph Menn reports: Hacking activity against corporations in the United States and other countries more than doubled by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said. […] Software and security company VMWare Carbon Black said this week that ransomware attacks it monitored jumped 148% in…