May 2023 Newsletter
Hello and welcome to our May newsletter! Lots of interesting internal hacks to mention in this month’s newsletter, some of which you may have heard about. In this issue, we will also be reviewing our DMSSync network-to-eDOCS synchronization solution and announcing an upcoming webinar for CISOs and others responsible for information security.
Solution Spotlight- DMSSync for eDOCS

DMSSync is the ultimate network user and group synchronization utility for Open Text eDOCS™. Unlike any other application available today, DMSSync can AUTOMATICALLY replicate network additions and changes to a DM, including user and group deletions and group membership changes. By doing so, DMSSync centralizes the maintenance of this information, eliminating the need for redundant user and group administration on multiple systems.
DMSSync is ideal for any size installation ranging from an organization with a single library to a multi-library, multi-location global enterprise. It efficiently and securely operates within the Open Text eDOCS framework. All DMSSync functions are accessible from a single, easy-to use interface. DMSSync  is fully compatible with all Microsoft networks, database servers and document servers supported by Open Text eDOCS™. DMSSync does not require a dedicated server, and can be run during normal business hours., and can be run continuously, on-demand, or from almost any scheduling program, including the WincTools scheduler.


Click here for the WincSync Datasheet


Webinar: A Guide to Data Loss Prevention with Guardian Internal Threat Detection
Are you the CISO or responsible for information security at an organization that uses OpenText Content Server? If you are, we will be conducting a webinar that will discuss Mitigating Internal Threats and Phishing Attacks on a Content Server Repository.
When: June 14th, 2023 12:00 Noon EST
In this webinar you will learn how to prevent internal attacks such as the recent Guardsman hack of the Department of Defense, the Twitter hack, Facebook hack, Edward Snowden, and many dozens more that sometimes make the news but most often don’t.

Most folks learn about these hacks after the fact. Learn how to catch them in the act.

Duration of webinar: 60 minutes
Save the date! Email for more information!
News Highlight

The Tesla Files
According to a report by German newspaper Handelsblatt, Tesla has suffered a significant data breach involving the leak of over 100 gigabytes of confidential data. The leaked information, dubbed the “Tesla Files,” includes customer and employee data, comprising over 100,000 names, social security numbers, email addresses, phone numbers, salaries, and bank details. In addition, the documents revealed secret production details, as well as thousands of customer complaints related to Tesla’s driver assistance system, including issues with sudden unintended acceleration (SUA) and phantom braking. The breach highlights concerns about the company’s data protection practices, and because anyone with access to the company’s Toolbox internal messaging system can access this information on customers and employees from anywhere in the world, it is being treated as a violation of the General Data Protection Regulation (GDPR). If found guilty of such a violation, Tesla could face fines of up to 4% of its annual sales, amounting to around €3.26 billion ($3.5 billion).

Tesla’s lawyer, meanwhile, has stated that the breach involved a “disgruntled former employee” who misused their access as a service technician. Tesla plans to take legal action against the suspected individual responsible for the leak.

Handelsblatt, for their part, found the leak to be so expansive that they took the added step of developing a search tool for any Tesla customer or employee to freely check if their data was compromised. On attempting initial contact with Tesla prior to publication, the only response was from Tesla’s managing counsel for litigation, urging them to “immediately delete all other copies [of the leaked data]” and threatening that the “use of illegally obtained data for media reporting is not allowed… The possession of such data…  breaches, among other things, data protection law… [and] subjects recipients, such as Handelsblatt, to liability for violation of trade secrets, data protection law, and handling stolen data….”

Currently, data protection watchdogs in the Netherlands and Germany – where Tesla’s European gigafactory is located – are investigating the breach, the latter of which has described the breach as “massive.” Tesla has previously faced scrutiny over privacy issues, including the recent revelations its employees had for years been engaging in the unauthorized sharing of customers’ videos on its internal messaging system Mattermost. German union IG Metall has expressed its concerns about the revelations and called on Tesla to inform employees about any data protection breaches, and to likewise foster a culture where staff can openly report problems and grievances without fear.


Casepoint Investigates Two-Terabyte Theft of Government and Corporate Data
Casepoint, a U.S.-based legal tech firm that provides a discovery platform for litigation and compliance, is investigating a potential cybersecurity breach after hackers claimed to have accessed and stolen two terabytes of sensitive data. The company’s clients include government agencies such as the U.S. Courts, the Securities and Exchange Commission (SEC), and the U.S. Department of Defense (DoD), as well as prominent organizations like Marriott and Mayo Clinic. While Casepoint’s co-founder and CTO did not confirm the specific nature of the incident, the ALPHV ransomware gang, believed to have ties to Russia, has claimed responsibility and has listed the stolen data on its dark web leak site. Samples of the stolen data include healthcare information, a legal document, a government-issued ID, and an internal document allegedly from the FBI. On May 31, ALPHV also published what appears to be login details for the company’s internal systems. Casepoint maintains that its services have not been disrupted, and they have engaged a third-party forensic firm to investigate the incident.

Evangelical Doctors’ Organization Leaks Massive Trove of Sensitive Documents
The American College of Pediatricians (ACP), a right-wing medical organization, accidentally exposed a vast collection of highly sensitive documents on its own website. The cache of leaked documents, totaling over 10,000 files, was discovered by Wired and included highly confidential information such as donor details, tax records, social security numbers of board members, staff resignation letters, budgetary concerns, and usernames/passwords of over 100 online accounts. The leaked files also revealed strategies to discredit organizations like the Southern Poverty Law Center, as well as a contract with the Alliance Defending Freedom, a conservative legal group, to represent the ACP pro bono. The ACP, known for employing a veneer of medical science in campaigning against LGBTQ causes, and currently at the center of the ongoing legal struggle involving the abortion drug Mifepristone, is classified as a hate group by the Southern Poverty Law Center. With significantly fewer members than the official American Academy of Pediatrics, the ACP holds influence in conservative policy despite its limited reach.

Other Noteable Breaches:

ARC Document Solutions, Inc. Experiences Data Breach in the Wake of Recent Cyberattack

Spain Seeks to Ban Encryption, Leaked Document Reveals

US Dept of Transport Security Breach Exposes Info on a Quarter-Million People

Interesting Reads:

14 Ways Financial Leaders Can Help Their Companies Avoid Cyberattacks

Dept of Commerce Details Effort to Secure US Data

Inflation, Budget Cuts and Small Teams Worry Security Pros

What 15 Top CEOs And Cybersecurity Experts Told Us At RSAC 2023

An IP Theft Case With A Difference




Give Us a Try:
Translate »