Cyber Attacks, Threats, and Vulnerabilities
SolarWinds hackers linked to known Russian spying tools, investigators say (Reuters) The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.
Sunburst backdoor – code overlaps with Kazuar (Securelist) While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified .NET backdoor known as Kazuar.
Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA) This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
Continuous Updates: Everything You Need to Know About the SolarWinds Attack (SecurityWeek) News coverage of the SolarWinds supply-chain attacks and useful security resources, including analysis and indicators of compromise (IOC).
U.S. District Court requires sensitive documents to be filed by paper in response to possible Russian hack (The Columbus Dispatch) The U.S. District Court for Southern Ohio, which includes Columbus, is requiring sensitive documents to be filed in paper in wake of Microsoft hack.
Laptop stolen from Pelosi's office during storming of U.S. Capitol, says aide (Reuters) A laptop was stolen from the office of U.S. House of Representatives Speaker Nancy Pelosi during the storming of the U.S. Capitol on Wednesday, one of her aides said on Friday.
Missing laptops raise cyber risks from U.S. Capitol mayhem (Fortune) Federal authorities are assessing the cybersecurity risks created by rioters roaming freely through congressional offices during Wednesday’s rampage at the U.S. Capitol.
‘Trump or War’: How the Capitol Mob Mobilized on Social Media (Wall Street Journal) Organizers with large online followings loudly proclaimed their intentions to contest the election results, through violence if necessary.
Trump’s ban from Twitter creates the ultimate case of link rot in posts across the internet (The Verge) Trump has tweeted thousands of times over the past decade-plus
CRAN Version 4.0.2 (Bishop Fox) Bishop Fox advisory on CRAN package manager version 4.0.2. A medium severity path traversal vulnerability was found in the CRAN package manager.
United Nations data breach exposed over 100k UNEP staff records (BleepingComputer) This week, researchers have responsibly disclosed a vulnerability by exploiting which they could access over 100K private records of United Nations Environmental Programme (UNEP).
The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees.
New Zealand central bank hit by cyber attack (Yahoo) New Zealand's central bank said Sunday it was responding with urgency to a "malicious" breach of one of its data systems, a third-party file sharing service that stored "sensitive information".
New Zealand Central Bank Probing Data Breach (Bloomberg) The Reserve Bank of New Zealand says it’s investigating an illegal breach of a third-party file sharing service used to share and store some sensitive information. Paul Allen reports on "Bloomberg Daybreak: Asia."
Reserve Bank data breach: Sensitive information illegally accessed (New Zealand Herald) Reserve Bank's system has been breached.
New Zealand central bank says it was not a specific target of cyberattack (CNBC) New Zealand's central bank said on Monday a cyberattack that breached its data systems also affected other users of a third-party application.
DoS Vulnerabilities Found in Rockwell's FactoryTalk Linx and RSLinx Classic Products (SecurityWeek) Researchers have found vulnerabilities that expose Rockwell Automation’s FactoryTalk Linx and RSLinx Classic products to DoS attacks.
Ransomware Read Me First: Don't Get Scammed... Twice (GroupSense) Read this before clicking on that 'Unencrypt my files now!' advertisement. You'll thank us later...
Trickbot Still Alive and Well (The DFIR Report) The Trickbot threat actors used Cobalt Strike to pivot through-out the domain, dumping lsass and ntds.dit as they went. They used tools such as AdFind, Nltest, Net, Bloodhound, and PowerView to peruse the domain, looking for high privileged credentials to accomplish their mission. They used PowerShell, SMB, and WMI to move laterally.
Dassault Falcon Jet Disclosed Data Breach – Ransomware Suspected (Latest Hacking News) Dassault Falcon Jet Corps. disclosed a data breach in December 2020. It now turns out that the firm suffered Ragnar Locker ransomware attack.
Chinese start-up leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users (SafetyDetectives) High-flying and rapidly growing Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of person
Communauto hit by cyber attack (Montreal Gazette) The Montreal-based car-sharing service says hackers were unable to get access to members' credit card numbers.
Cities, county still reeling in wake of cyberattack (Texarkana Gazette) As multiple agencies in both Texarkanas and Bowie County remain crippled by a ransomware attack discovered more than a month ago, frustration at a lack of information and progress grows among officials and personnel.
Italy's Ho Mobile issues new SIM serial codes following data breach (Telecompaper) Vodafone Italia's low-cost brand Ho Mobile announced that it will be protecting customers affected by a recent data breach by automatically issuing new SIM card serial codes. In a statement, the company said it will be generating new ICCID codes and informing customers via SMS that their previous code is no longer valid, preventing any possibility of telephone fraud or SIM swap attacks and allowing them to retain their number and safely change operator in the future.
From camera doorbells to security drones — how your home tech could spy on you (The Sun) Trembling with fear, mum-of-three Lianne Davies peered out of her bedroom window into the dark winter night. Though nobody was visible, she heard a stranger loudly threatening her husband Paul on h…
Security Patches, Mitigations, and Software Updates
NVIDIA Ships Patches for High-Severity Security Flaws (SecurityWeek) NVIDIA ships patches for multiple high severity vulnerabilities in GPU drivers and vGPU software
Firefox Improves Privacy Protections With Encrypted Client Hello (SecurityWeek) Encrypted Client Hello (ECH) aims to address the shortcomings of Encrypted Server Name Indication (ESNI).
2020 Was a Bad Year for Ransomware. 2021 Will Be Worse. (Barron's) Holding data hostage has become a lucrative criminal pursuit. It's not going away any time soon.
Our cybersecurity predictions for 2021 (Pradeo) Malware, 5G, open banking security, personal device usage... See our predictions for 2021.
The State of Streamergency Today: Need for Better Internet (Speedify) The "State of Streamergency" research report looks at the imperfect internet we all face, the most important online activities for consumers, and remote workers' productivity challenges.
Poor security hygiene raise questions on the future of remote work: Study (ETCIO.com) A new remote workforce study from CyberArk states that 78% of employees admitted to having technical issues with connecting to corporate systems and r..
As retail moves online, brands must adapt to today’s cyberthreat landscape (ITProPortal) As cybercrime increases, AI technologies should be utilized to protect the retail industry from cyberattacks.
Francisco Partners Completes Acquisition of Forcepoint (PR Newswire) Francisco Partners, a leading global investment firm that specializes in partnering with technology and technology-enabled businesses, today...
Equifax Buys Fraud Prevention Firm Kount in $640 Million Deal (SecurityWeek) Equifax will acquire Kount for $640 Million to expand its worldwide footprint in digital identity and fraud prevention solutions.
Booz Allen Invests in Industry Leading Digital Forensics and Incident Response Company Tracepoint (BusinessWire) Booz Allen announces a strategic investment in Tracepoint, an industry leading digital forensics and incident response company.
StackRox Acquisition By Red Hat Underscores The Significance Of DevSecOps (Forbes) Last week, Red Hat announced that it’s acquiring StackRox, a California-based Kubernetes security company founded in 2014.
Lacework Scores $525M in Security Battle Against Palo Alto Networks (SDxCentral) Cloud security startup Lacework closed a $525 million funding round that pushed its valuation “well over $1 billion,” CEO Dan Hubbard said.
Cyber Risk Ratings Leader NormShield Rebrands to "Black Kite" (NormShield) Relocates Headquarters to Boston with Plans to Double Size Again in 2021 BOSTON – January 11, 2021 Black Kite, the cyber risk ratings company formerly known as NormShield, today revealed its new name,
Chris Krebs and Alex Stamos have started a cyber consulting firm (TechCrunch) And they already have their first client: SolarWinds.
SolarWinds Fights Back With Chris Krebs, Alex Stamos Hires (CRN) SolarWinds has brought in two of the world’s most famous security minds to help the embattled vendor pick up the pieces after the colossal Russian hacking campaign.
Our Plan for a Safer SolarWinds and Customer Community (Orange Matter) I joined the SolarWinds family earlier this week as the new Chief Executive Officer. Although I accepted the position to become CEO before the Company was notified of the cyberattack, I feel an even greater commitment now to taking action, ensuring we learn from ...
Bellingcat breaks stories that newsrooms envy — using methods newsrooms avoid (Washington Post) How a global collective of sleuths unmasked Alexei Navalny’s assailants via data bought on the Russian black market. Their next target: The mob that attacked the Capitol.
Twitter bans Trump’s account, citing risk of further violence (Washington Post) The suspension amounted to a historic rebuke for a president who had used the social-networking site to rise to political prominence.
Twitter Bans President Trump’s Account Permanently (Wall Street Journal) Twitter cited the risk of further incitement of violence in the wake of this week’s deadly attack on the U.S. Capitol.
Permanent suspension of @realDonaldTrump (Twitter) Suspension of @realDonaldTrump
Trump tweets video after Twitter's lock on his account expires (CNET) The outgoing president's account was locked for 12 hours due to tweets that violated Twitter's rules and amid a pro-Trump riot on Capitol Hill.
Google suspends Parler from app store after deadly U.S. Capitol violence (Axios) The tech company has dropped the app in light of its "ongoing and urgent public safety threat."
Apple Suspends Parler From App Store (Wall Street Journal) Apple has suspended Parler from the App Store amid concerns the app’s owner hasn’t done enough to address threats of violence on the platform.
Apple, Amazon Move to Marginalize Parler (Wall Street Journal) Amazon said it would stop providing cloud services to the platform and Apple suspended Parler from its App Store, sharply escalating a campaign by tech giants to regulate content they see as dangerous.
Amazon employees call for company to cut ties with Parler after deadly U.S. Capitol riot (CNBC) "We cannot be complicit in more bloodshed and violent attacks on our democracy," the employee advocacy group wrote in a tweet.
Parler CEO Says Service Dropped By “Every Vendor” And Could End His Business (Deadline) Parler CEO John Matze said today that his social media company has been dropped by virtually all of its business alliances after Amazon, Apple and Google ended their agreements with the social medi…
Parler jumps to No. 1 on App Store after Facebook and Twitter ban Trump (TechCrunch) Users are surging on small, conservative, social media platforms after President Donald Trump’s ban from the world’s largest social networks, even as those platforms are seeing access throttled by the app marketplaces of tech’s biggest players. The social network, Parler, a networ…
Trump Responds to Twitter's Permanent Account Suspension (Epoch Times) President Donald Trump responded to Twitter's move to permanently suspend his account from its platform late Friday, saying that the big tech giant does not stand for free speech.
A farewell to @realDonaldTrump, gone after 57,000 tweets (AP NEWS) @realDonaldTrump, the Twitter feed that grew from the random musings of a reality TV star into the cudgel of an American president, died Friday. It was not quite 12 years...
Conservative #WalkAway Facebook page removed along with hundreds of thousands of videos and followers (Washington Examiner) Conservative activist Brandon Straka announced that Facebook has removed his page with over half a million followers and also banned members of his team.
Reddit bans subreddit group "r/DonaldTrump" (Axios) It's one of Reddit's largest political communities dedicated to support for President Trump.
Discord bans pro-Trump server ‘The Donald’ (The Verge) "We have a zero-tolerance policy against hate and violence of any kind on the platform."
YouTube bans Steve Bannon's War Room podcast channel (CNET) The ban comes as social platforms have cracked down on misinformation and content that could incite violence following the storming of the Capitol.
WSJ News Exclusive | Stripe Stops Processing Payments for Trump Campaign Website (Wall Street Journal) The financial-technology company is cutting off the president’s campaign account for violating its policies against encouraging violence.
All the platforms that have banned or restricted Trump so far (Axios) Platforms are rapidly removing Trump’s account or those affiliated with pro-Trump violence and conspiracies.
Not Easy, Not Unreasonable, Not Censorship: The Decision To Ban Trump From Twitter (TechDirt) When I started writing this post, it was about Facebook's decision to suspend Trump's account indefinitely, and at least until Joe Biden is inaugurated in a couple weeks. I had lots to say on that... and then Friday afternoon, Twitter decided to ban Trump's Twitter account permanently. This is a bigger deal, not just because it's permanent, rather than indefinite, but because so much of Trump's identity over the last four years (and before that) is tied up in his Twitter account and followers.
The Deplatforming of President Trump (New York Times) He is running out of places to post.
In Pulling Trump’s Megaphone, Twitter Shows Where Power Now Lies (New York Times) The ability of a handful of people to control our public discourse has never been more obvious.
In silencing president, two tech giants show where power now lies (Silicon Valley Business Journal) In the end, two billionaires from California — Facebook's Mark Zuckerberg and Twitter's Jack Dorsey — did what legions of politicians, prosecutors and power brokers had tried and failed to do for years.
'Strong political activists' will stay on Twitter, BofA says, reiterating Buy (NYSE:TWTR) (SeekingAlpha) BofA Securities is keeping its Buy rating on Twitter (NYSE:TWTR), with a price target of $58/share in the wake of the company's decision to ban President Donald Trump.There is a near-term 1Q threat to daily active user count (DAUs) from "churn from the conservative community", although DAUs on Parler are 0.37% of Twitter's U.S.
Sci-Hub Founder Criticises Sudden Twitter Ban Over Over "Counterfeit" Content (TorrentFreak) Twitter suspended the account of Sci-Hub, often referred to as the Pirate Bay of science, for violating the counterfeit policy.
Sex workers say 'defunding Pornhub' puts their livelihoods at risk (BBC News) Credit card companies are blocking payments to adult site Pornhub, which is hitting sex workers' earnings.
Trump’s Ban on Chinese Stocks Roils Investors (Wall Street Journal) U.S. investors have borne the brunt of an executive order signed by President Trump that was meant to hit the Chinese military by curtailing access to American dollars.
Wall Street firms reduce exposure to Chinese telcos as U.S. ban approaches (Reuters) Wall Street firms in Hong Kong including Goldman Sachs and JPMorgan have set out plans to reduce exposure to Chinese telecom companies named in a U.S. ban on investments in companies Washington considers linked to China's military.
It’s Boom Time For ‘White Hat’ Hackers As Indian Payments Go Digital (BloombergQuint) Rajshekhar Rajaharia brought the Juspay data breach to light. Is it boom for time for ethical hackers as digital payments surge?
Top 10 Cybersecurity Interview Questions and Answers (SearchSecurity) Are you getting ready for a cybersecurity job interview? Here are the top 10 cybersecurity interview questions you should know the answers to.
Former KeyW Exec Kirk Herdman Appointed VTG National Security Solutions Business Head (GovCon Wire) Kirk Herdman, formerly executive vice president of business and corporate development at KeyW, has j
Products, Services, and Solutions
Zero Security Research Labs Tops Cyber Security Field Through Its Exceptional Proactive Techniques in Unmasking Criminals (Yahoo Finance) In 2020 alone, statistics have shown that about 78% of companies in the United States encountered cyber attacks. Data breaches in American enterprises have led to an average of $392 million in losses, and in 2019, there had been over 1,000 data breaches exposing 147 million records.
HORIZON Lab Systems Receives Elite Cyber Verify AAA Risk Assurance Rating (PR Newswire) HORIZON Lab Systems today announced that it has received the MSPAlliance® Cyber Verify™ Risk Assurance Rating for Managed Services and Cloud...
Facial-Recognition Startup Clearview Moves to Limit Risk of Police Abuse (Wall Street Journal) The controversial startup that provides facial-recognition technology to law enforcement is rolling out new compliance features aimed at preventing misuse of the technology, CEO Hoan Ton-That said.
NeoSystems Reaches CMMC-AB Registered Practitioner Organization Status (PR Newswire) NeoSystems, a full service strategic back-office outsourcer, IT systems integrator and managed services provider, announced today that it has...
Technologies, Techniques, and Standards
Cyber Valhalla: Air Force trains offensive warriors with unclassified exercise (Army Times) Nothing like the training exists elsewhere.
Data Breach Response: The importance of training (Lexology) In a crisis, you don’t rise to the level of your aspiration, you fall to the level of your training. In this article, Pádraig Walsh from the Privacy…
Are hackers targeting your computer? 3 things you must do to protect yourself (KNXV) Here are 3 things experts say you should do right now to protect yourself and your personal information.
Burgum announces “A+” grade in CyberStart America competition, encourages statewide participation (EIN News) Gov. Doug Burgum today announced that North Dakota received an “A+” grade in the first two months of CyberStart America, an innovative, online
Gannon announces new online master’s degree in information assurance and cybersecurity (THE GANNON KNIGHT) Gannon University’s College of Engineering and Business announced it is launching a new Master of Science program in Information Assurance and Cybersecurity. This program is tailored to teach those with no prior cyber training to expand their skillset and open up hiring potential. This program is 30 credits and can be completed all online in...
Legislation, Policy, and Regulation
Why The Latest Cyberattack Was Different (Foreign Policy) The epic SolarWinds hack affecting thousands of government agencies and companies could mark the beginning of the end of the open internet.
Twitter's Trump ban raises social media regulation questions, says Hancock (Computing) Social media firms are 'taking editorial decisions,' according to the health secretary
China’s New Rules Could Hit U.S. Firms and Send a Message to Biden (New York Times) An order issued on Saturday empowers Beijing to tell companies to ignore U.S. restrictions and allows them to sue other businesses if they comply.
A Hong Kong Website Gets Blocked, Raising Censorship Fears (New York Times) Users of major mobile carriers can no longer access a service that detailed the personal information of police officers, a possible sign that the city is turning to tactics used in mainland China.
Experts urge Israel to learn from Russian cyber breach of US networks (Israel Hayom) Former Shin Bet technology division head Ron Shamir says US cyber defenders are experiencing a "very difficult hour." Former Israeli official Micky Aharonson notes that the massive attack could be part of Russia's attempt to strengthen its negotiating position with Washington.
Opinion | Protecting our vaccine supply chain against ransomware (Hamilton Spectator) With the vaccine in play, and a post-pandemic world on the horizon, no shortcuts can be taken, writes Shawn Rosemarie and Andrew Miller
NSA Cybersecurity 2020 Year in Review (National Security Agency | Central Security Service) Last year marked the NSA Cybersecurity Directorate's first full year since its establishment, and today we are releasing our 2020 NSA Cybersecurity Year in Review. This document details how NSA worked
U.S. Department of State Approves New Cyberspace Security Bureau (SecurityWeek) The CSET bureau will focus on international cyberspace security and policy issues.
William Burns, a career diplomat, is Biden’s choice to head the C.I.A. (New York Times) President-elect Joseph R. Biden has selected William J. Burns, a career State Department official who led the U.S. delegation in secret talks with Iran, to run the Central Intelligence Agency.
Cyber czar to draw on new powers from defense bill (TheHill) New authorities from the recently enacted defense bill are expected to help the U.S. government in its response to the SolarWinds hack believed to be perpetrated by Russia.
Biden transition fills some top cybersecurity personnel spots (CyberScoop) The incoming Biden administration has spent the week heralding some of its cybersecurity-related personnel decisions, even as a couple key jobs remain a question mark.
Biden names Orthodox woman to senior National Security Council position (Cleveland Jewish News) Anne Neuberger has worked at the National Security Agency for more than a decade and helped found the U.S. Cyber Command.The post Biden names Orthodox woman to senior National Security
Biden fills out his national security team with nearly two dozen appointments (TheHill) President-elect Joe Biden on Friday announced nearly two dozen appointments to his incoming National Security Council (NSC), filling out his staff with less than two weeks to go before his inauguration.
Biden’s NSC to focus on global health, climate, cyber and human rights, as well as China and Russia (Washington Post) The incoming Biden administration plans to restructure and expand the operations of the White House National Security Council, establishing new senior positions on global health, democracy and human rights, and cyber and emerging technology, signaling a sweeping shift in priorities, according to a senior adviser to the Biden transition.
Litigation, Investigation, and Law Enforcement
At least 25 domestic terrorism cases have been opened after US Capitol breach, congressman says Army secretary told him (CNN) At least 25 domestic terrorism cases have been opened in the wake of Wednesday's US Capitol breach that engulfed the nation's capital in chaos, Army secretary Ryan McCarthy told Democratic Rep. Jason Crow, according to a news release from the congressman's office.
Outgoing Capitol Police chief: House, Senate security officials hamstrung efforts to call in National Guard (Washington Post) Two days before Congress was set to formalize President-elect Joe Biden’s victory, Capitol Police Chief Steven Sund was growing increasingly worried about the size of the pro-Trump crowds expected to stream into Washington in protest.
Former election cybersecurity chief: Trump can redeem himself by resigning (POLITICO) "The president's legacy is a heap of ashes," Chris Krebs said.
Local Police Force Uses Facial Recognition to Identify Capitol Riot Suspects (Wall Street Journal) An Alabama police department is using facial recognition software to help identify people who were present during the riot at the U.S. Capitol this week, one of its officers said.
Insurrectionist ‘Zip-Tie Guy’ identified as retired Air Force lieutenant colonel (Military Times) Retired Lt. Col. Larry Rendall Brock Jr. was photographed on the Senate floor in combat gear holding zip tie handcuffs.
Capitol riots were a "Breakdown in risk intelligence", Obama-era secret service agent says (Newsweek) Jonathan Wackrow told CNN the riots were a "huge miss" by intelligence services and the U.S. Capitol has always been vulnerable to security breaches.
Journalists Scrutinize QAnon's Role in Capitol Hill Mob -- And Its Hosting Infrastructure (Slashdot) On Thursday Axios tried to assess QAnon's role in the mob that stormed America's Capitol building:
Adherents of the QAnon conspiracy theory, who imagine a vast deep-state cabal of pedophiles arrayed against Trump, have for years insisted that a moment of reckoning for their enemies is imminent. QAno...
Dominion sues pro-Trump lawyer Sidney Powell, seeking more than $1.3 billion (Washington Post) Dominion Voting Systems on Friday filed a defamation lawsuit against lawyer Sidney Powell, demanding more than $1.3 billion in damages for havoc it says Powell has caused by spreading “wild” and “demonstrably false” allegations, including that Dominion played a central role in a fantastical scheme to steal the 2020 election from President Trump.
SolarWinds Government Data Breach Leads to Securities Action (JD Supra) The massive data breach of the United States Commerce and Treasury Departments that has roiled the federal government has resulted in federal...
UK Mass Hacking Ruled Illegal (Forbes) After five years of legal wrangling, the UK High Court has ruled that the security and intelligence services cannot search the computers and phones of millions of people under a single 'general warrant'.
Scottish Labour investigate reported breach of data regulations by party’s former deputy leader (Morning Star) Scottish Labour is investigating a reported breach of data regulations by the party’s former deputy leader.
What does Twitter's GDPR fine mean for your business? (Business Leader) Twitter’s recent $500,000 fine for breaching data protection laws demonstrates the need for businesses of all sizes to ensure contracts with organisations who process data for them are carefully drafted, according to a specialist technology law firm.
Assange Victory Leaves Whistleblowers, Journalists Hanging (Law360) A U.K. court's recent refusal to endorse claims that the prosecution of Julian Assange amounts to an attack on freedom of speech highlights the need to introduce a public interest defense into English law to protect journalists and whistleblowers, lawyers say.
WSJ News Exclusive | Is Your iPhone Passcode Off Limits to the Law? Supreme Court Ruling Sought (Wall Street Journal) Two civil-liberties groups are asking the U.S. Supreme Court to rule on the knotty digital-privacy question involving personal devices.
BREAKING: Supreme Court Takes Up Calif. Donor Privacy Cases (Law360) The U.S. Supreme Court on Friday agreed to hear two petitions by conservative advocacy groups challenging a California law requiring charitable organizations to disclose donor information, which the groups argue chills First Amendment associational rights.
Google Chrome Privacy Plan Faces U.K. Competition Probe (Wall Street Journal) British regulators are investigating whether Google’s plan to remove some user-tracking tools from its Chrome browser could hurt competition in the online-advertising industry.
MTI Bitcoins Sent to Privacy Mixers as New Data Breach Exposes the Ponzi Scheme's Top Earners (Bitcoin News) In another twist to the Mirror Trading International (MTI) bitcoin Ponzi scam, the blockchain intelligence firm Whitestream says bitcoins from wallets associated with the company are being sent to Wasabi Mixers. According to Whitestream's update, this pivot to mixers suggests that operators of the Ponzi are trying to obfuscate the movement of the bitcoins and therefore make them hard to trace.
Protecting Data Breach Investigations From Disclosure (Bloomberg Law) Attorneys for companies involved in data breach litigation or investigations often use forensic investigators to uncover information about the breach. Alston & Bird attorneys say some courts have found this work discoverable depending on the facts surrounding the investigation and offer ways for companies to protect it from disclosure under the attorney-client privilege, the work product doctrine, the protection from disclosure of opinions of non-testifying experts, or a combination of the three.