Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as manufacturers try to stay abreast of zero-day vulnerabilities and issue patches as quickly as they can. Microsoft is well-known for its Patch Tuesday, which is a monthly roll-out of the patches for vulnerabilities it has become aware of … Continue Reading
The Department of Homeland Security (DHS) cybersecurity advisory arm issued a warning on its website that “[M]alicious cyber actors are targeting unpatched systems” with a new exploit code that on unpatched systems could spread to millions of computers. The exploit code, called SMBGhost, attacks a security vulnerability in the server message block (SMB) that Microsoft … Continue Reading
On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis. According to Microsoft “[D]uring this time of crisis, as … Continue Reading
Microsoft announced this week that it would extend the consumer rights currently given to California consumers through the California Consumer Privacy Act to all consumers—no matter where they reside. I applaud this move (especially because I don’t reside in CA). But why should my personal information be protected differently than those who live in California? … Continue Reading
Although many thought that WannaCry was in the rear view mirror, a recent report by Artemis, based on client experience, found that health care organizations and manufacturing companies are still being hit with the ransomware that affected hundreds of thousands of machines in 2017. According to the report, 40 percent of Artemis’ health care clients … Continue Reading
The bane of data security is the patch. The patch is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, and to attempt to fix the vulnerability before hackers can exploit it. Patching is a very important part of a security plan, but the … Continue Reading
Security researchers at Radboud University in the Netherlands have discovered a flaw in several manufacturers’ solid state hard drive firmware that can be exploited to read data from self-encrypting drives (SED). The researchers published their findings in a paper on November 5th. The authors identified several methods they were able to use to bypass hardware … Continue Reading
Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading
As had been expected following the passage of the CLOUD Act by Congress last month, the U.S. Supreme Court remanded and ordered the dismissal of the pending United States v. Microsoft Corporation, Inc. case in a per curiam decision issued April 17, 2018. After briefly reviewing the basis for its grant of certiorari in the … Continue Reading
On March 30, 2018, Solicitor General Noel J. Francisco filed a motion with the U.S. Supreme Court in United States v. Microsoft Corporation that seeks to vacate the judgment of the U.S. Court of Appeals for the Second Circuit in the case (which held in favor of Microsoft) and to remand the case with directions … Continue Reading
On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the SCA) by … Continue Reading
Courts are often faced with the dilemma of applying centuries, or even decades, old law to constantly evolving technological advancements. See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing and storage … Continue Reading
In an order issued on October 16, 2017, the U.S. Supreme Court granted certiorari in United States v. Microsoft Corporation, a case with potentially far-reaching implications for the privacy of electronic data maintained by technology companies across the globe. The case, which Robinson+Cole has previously discussed here, here, and here, arises from a warrant obtained … Continue Reading
On June 23, 2017, the Office of the Solicitor General (OSG) filed a petition for a writ of certiorari with the United States Supreme Court requesting reversal of a 2016 decision in which the U.S. Court of Appeals for the Second Circuit quashed a warrant obtained by the Department of Justice (DOJ) under the Stored … Continue Reading
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading
Over the past week, many clients and individuals have asked me why some companies and health care facilities were devastated by the WannaCry ransomware, and why others made it through the weekend without a blink of an eye. Simplistically, it is because those who pay attention to security patches that they receive from technology vendors … Continue Reading
On January 24, 2017, the U.S. Court of Appeals for the Second Circuit denied the Department of Justice’s request for an en banc rehearing in In the Matter of a Warrant to Search a Certain Email Account Controlled and Maintained by Microsoft Corp. a/k/a Microsoft Corp. v. United States (No. 14-2985). The denial leaves in place … Continue Reading
I received a call last week on my home land line and when I picked it up (hardly anyone I want to actually talk to calls my home telephone number) the caller on the other end informed me that he was from “Microsoft 10,” that I had a terrible virus in my computer and that … Continue Reading
The cloud-based file-sharing and collaboration business continues to grow, inspiring competition between two heavy weights: Microsoft and Box. Last week, Box announced over $100 million in third quarter revenue growth despite competing with Microsoft’s OneDrive file share for SharePoint. Aaron Levie, Box CEO and co-founder, believes that “the need for Box is clear; today, business … Continue Reading
In an attempt to reduce fraud and boost passenger safety, Uber is implementing facial recognition technology beginning on September 30. Before starting a driving session, Uber drivers will now be asked to take a photo of themselves “periodically” so that Uber can match that photo against the photo Uber has on file. The driver’s account … Continue Reading
This article co-authored with guest blogger Leonel Gonzalez, a R+C summer associate and student at Roger Williams University School of Law An investigation by France’s National Data Protection Commission (CNIL) has found that Windows 10 has been “collecting excessive user data” and has been tracking users’ web browsing without their consent. The CNIL has ordered Microsoft to … Continue Reading
USB drives and phone chargers are expensive. Hackers know that. One way hackers are gaining access to get into computers to steal data is by planting USB drives and phone chargers in public areas, hoping someone will pick it up and take it to work or home. I find that people are unaware of this … Continue Reading
This is how it should be—private companies working with law enforcement to disrupt evildoers on the Internet. Late last week, Microsoft announced that it teamed up with the Department of Homeland Security, Europol, the FBI, Interpol, the Royal Canadian Mountain Police, the Computer Emergency Response Team Polska, security vendor ESET, and the Canadian Radio, Television … Continue Reading
Microsoft Corporation’s (Microsoft U.S.) reply brief is due this week in its appeal of The District Court for the Southern District of New York’s order to comply with the U.S. government’s warrant requiring the turnover of a customer’s emails stored in Ireland by its Irish subsidiary. The warrant was issued pursuant to the US Stored … Continue Reading
