#InformationSecurity News - China Stole Data From Major U.S. Law Firms

A series of security breaches that stuck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by Fortune.

The incidents involved hackers getting into the email accounts of partners at well-known firms, and then relaying messages and other data from the partners’ in-boxes to outside servers.

In the case of one firm, the attacks took place over a 94 day period starting in March of 2015, and resulted in the hackers stealing around seven gigabytes of data, according to information obtained by Fortune. That figure would typically amount to tens or hundreds of thousands of emails.

Read the exclusive story at Fortunehttp://fortune.com/2016/12/07/china-law-firms

#InformationSecurity News - iPhones Secretly Send Call History to Apple

Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino shooter Syed Rizwan Farook’s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption.
But private information still escapes from Apple products under some circumstances. The latest involves the company’s online syncing service iCloud.
Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.
“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.

Read the full story at The Intercept: https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says

Upcoming - Meet@Markley: Experts from SMP Share Security and Incident Response Best Practices

WHO: Peter Bamber, CISA, CRISC, CISSP,  vice president, Information Security Consulting Services and Ed Greenberg, senior solutions account director for Security Management Partners

WHAT: Will will explore today’s cybersecurity trends and share tips for businesses during an upcoming Markley Group lunch and learn event. 

WHEN: Thursday, October 27, 2016 at 12:00 p.m. EDT 

WHERE:  Markley Group Offices - 1 Summer Street, Boston, Mass. 

WHAT:  Every day security breaches are dominating the news making the importance of IT security unmistakable. With companies buried in potential security issues and breaches – how can they get a handle on potential threats – and ensure they are ready to respond to whatever is thrown at them?

During this lunch and learn session with the Markley Group, can prepare and protect against ever-expanding threat of security risks, Peter Bamber, CISA, CRISC, CISSP,  vice president, Information Security Consulting Services and Ed Greenberg, senior solutions account director for Security Management Partners will consider how companies can prepare and protect against ever-expanding cybersecurity risks. In addition, Bamber and Greenberg will look at the future of enterprise security to help companies prioritize security practices and enable quick and effective incident response protocols in order to take cybersecurity into their own hands once and for all.

For event information, visit: http://www.markleygroup.com/oct-27-meetmarkley-experts-from-smp-share-security-and-incident-response-best-practices

Upcoming - ISC2: SecureBoston-Healthcare2016

WHO: Peter Bamber, CISA, CRISC, CISSP,  vice president, Information Security Consulting Services for Security Management Partners

WHAT: Will present a session titled, "Incident Response Plan - Are you prepared?" during the ISC2: SecureBoston-Healthcare 2016 event. 

WHEN: The event will take place on Tuesday, September 27, 2016 from 9:00 AM - 5:00 PM EDT. Bamber is scheduled to speak at 2:00 p.m. EDT. 

WHERE:  Marriott Courtyard, 275 Tremont Street, Boston, Mass. 

WHAT:  With the constantly changing threat landscape – is your organization prepared with an Incident Response Plan that will work? During the ISC2: SecureBoston-Healthcare 2016 event, Peter Bamber, CISA, CRISC, CISSP of Security Management Partners will speak about past experiences with breach and forensic investigations. In this day and age, it is not a question of IF an incident will occur but rather when it will occur. Bamber will discuss ways that organizations can properly prepare an Incident Response Plan to best handle these situations. 

For event information, visit: http://www.cvent.com/events/-isc-secureboston-healthcare2016/agenda-2f6c703f22ee46c68ba08dbf9d3e7cd7.aspx