Cyber Security: When Hackers Strike Your Business, Will You Be Prepared?









SUNY Buffalo Law School & the Law Alumni Association’s GOLD Group presents a CLE* program.

When: Thursday, November 20, 2014 – 8 a.m. to 9 a.m. (registration begins at 7:30 a.m.)
Where: The Buffalo Club, 388 Delaware Avenue, Buffalo NY (free parking)

Cyber Security: When Hackers Strike You Business, Will You Be Prepared?

Presentation Costs:
-FREE to paid 2014-2015 LAA Members at the $60 level
-$15 for GOLD Group Members
-$20 for all other
-Cost includes lecture, handouts, and breakfast

RSVP to the Law Alumni Office at (716) 645-2107 or register at:

Questions? Contact Pat Warrington at (716) 645-7885

*Earn 1.0 CLE credit in the area of skills – these credits qualify as transitional or non-transitional credits.

Hodgson Russ Public Company Update & Cyber Security Presentation

Hodgson Russ LLP Attorneys





On November 19, 2014, Michael McCartney, President/CEO of DIGITS LLC will be joining Hodgson Russ for their public company update and Cyber Security Presentation.

Wednesday, November 19, 2014
8:30 to 11:30 a.m.
The Offices of Hodgson Russ
140 Pearl Street, Buffalo, NY
Registration and breakfast at 8 a.m.

Speakers: Ronald Battaglia; Richard Kaiser; Kevin Kearney; Robert Lane; Robert Olivieri; John Zak; David Schmidt, Ernst & Young LLP; and Michael McCartney, DIGITS LLC

Who should attend: In-house counsel, board members, CEOs, CFOs, controllers, finance and external reporting managers, and anyone interested in current issues facing public companies

Continental breakfast and box lunch will be provided.
This seminar is complimentary. 1.5 hours of CPE available.
CLE credit requested, including 1 credit in the area of ethics

To Register, for Hodgson Russ Public Company Update & Cyber Security Presentation, click here.

Are you Shellshock’d? {bashbug}

By: Kyle Cavalieri

Are-You-Shell-Shocked-DIGITS-LLCOn September 25, 2014, a new vulnerability that affects most versions of Linux and Unix operating systems, which includes Mac OS X, was discovered. According to security researchers, given the reach of the Bash itself and combined with the sheer volume of devices and application that rely on the Bash, Shellshock is likely going to be larger than the Heartbleed vulnerability that was identified earlier this year. If Shellshock is exploited successfully, the vulnerability could allow an attacker to gain control over a targeted computer.

Bash is a common component of Unix and Linux systems and is commonly referred to as ‘shell.’ Bash acts as a mechanism for the user to instruct the operating system what to do. The vulnerability lies in the fact that an attacker can imbed malicious code into application code that require Bash to execute. At this time, the most critically vulnerable systems are Web servers running the aforementioned OS’s. Although, non-Web servers are also vulnerable, specific conditions need to be in place in order for an attacker to gain control. Imbedded systems that are running Bash that are Internet facing, such as surveillance systems, routers, conferencing and IP based phone systems may also be vulnerable and should be inspected appropriately.

Once the targeted system has been exploited, the attacker can extract password lists off the system and use those passwords to move laterally within the network to gain access to other systems with the company’s production environment.

Due to the wide spread nature of this vulnerability, cyber security companies, like DIGITS LLC, are able to detect whether your systems are currently vulnerable to this latest threat. Contact a cyber security specialist today for more information.


Cyber Breach – It will happen to you!

By Michael McCartney ( is President/CEO of DIGITS LLC, in Buffalo, NY.

Vulnerability Assessment - web

We have all seen the national news reports lead with the all too familiar story of another company being the victim of a cyber attack. Target, Neiman Marcus, eBay, Goodwill, Stubhub, and many more, have all fallen victim to this alarmingly increasing trend. Of course, these are all name brand companies that are worthy of national media attention. However, yearly reporting of data breach statistics prove that no one is immune from this risk.

 One of the most widely respected annual data breach publications is the Verizon Data Breach Investigative Report (DBIR). The 2014 report is the tenth (10th) annual report, which aggregates data security incidents and breaches from 50 organizations across 95 countries. This provides for trending and matrix of breach statistics by industry. The report shows that every industry is affected and highlights the motivations behind the attacks. While financial gain is still the highest motivator for most threat actors, espionage is on an alarming increase. The report also shows that no industry is safe from these attacks.

Reference :

 At the Annual Meeting in Boston on August 12, 2014 the American Bar Association ABA House of Delegates passed a resolution that encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations.  The report goes into great detail outlining the severity of this data breach crisis, not only to law firms, but to private industry and our critical infrastructure. The government includes the following industries as critical infrastructure: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation, and Water and Wastewater Systems.  The private sector owns about 85% of this infrastructure in the US.

 American Bar Association encourages these organizations conduct regular risk-based assessments as well as to develop and test a Incident Response Plan for possible cyber attacks, including disclosure of data breaches, notification of affected individuals, and the recovery and restoration of disrupted operations.

Reference :

  In February 2013, President Barack Obama issued Presidential Policy Directive – 21 together with Executive Order 13686 acknowledging the alarming increase in cyber security incidents and calling for the U.S Department of Commerce to develop a Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. In February 2014, the National Institute of Standards and Technology (NIST) published their Framework for Improving Critical Infrastructure Cybersecurity working paper.

Reference :

 These reports and government initiatives demonstrate a significant trend in awareness around the need to proactively address our cyber security and cyber response readiness. DIGITS LLC offers a full suite of proactive and reactive services t assist companies confront these challenges head-on!


UB CEL features Digital Forensic Firm



Buffalo’s Best Places to Work 2014

best places to workJust announced, DIGITS LLC is a finalist for Buffalo Business First’s Best Places to Work competition.  DIGITS LLC falls into the “Micro Category” which is made up of companies having 10-20 employees.

Finalists were chosen by survey results that were submitted anonymously by all employees months prior.  All survey results were analyzed and compared to the other organizations entered.  Finalists were then chosen based upon survey results.  All finalists are invited to a luncheon to find out who the winner is of each size category.  The luncheon has a theme of “Si-Fi” and additional awards are given to the company who is “best dressed”.

DIGITS LLC has our game face on and we are excited to participate in Buffalo’s Best Places to Work 2014 competition!

All Micro finalists include:

Andreozzi Bluestein Weber Brown, LLP, Bison Electrical Services, Buffalo OB-GYN, DIGITS LLC, Erdman Anthony, Georgetown Capital Group, I-Evolve Technology Services, Key Resource Group, LLC, SelectOne Search, Shatter I.T. LLC, SLC Therapy Associates, StraussGroup, Systems Personnel, TxMQ, Inc., US Itek Inc.

DIGITS LLC was founded in 2006 to fill the need in the legal and corporate communities for highly skilled digital forensics, proactive cyber security services, corporate computer investigations, cyber security incident response and advisory services, eDiscovery and litigation support services, and general digital forensic consulting needs.

Flappy Bird Fake Versions Popping Up on Android Market

Flappy Bird

Be alerted, your child’s most recent favorite mobile game “Flappy Bird” has been pulled from the market by it’s developer, Doug Nguyen.  Since the original version has been pulled down from the market, malicious versions of this app have been created and added to the Android market to potentially exploit users.

These fake versions of “Flappy Bird” have been known to send messages to premium numbers, causing unwanted charges to your phone billing statements.  An article published by CNET further describes the vulnerability of the fake versions of this game and talks to various security experts about the impact that the malicious versions have made.  Click the link to read CNET’s article titled “Squawk! Flappy Bird fakes are hatching Android malware.”

Internet Security with Computer Forensic Expert

Recently DIGITS LLC‘s Director of Computer Forensics and Investigations was featured on WIVB, Buffalo’s Channel 4 News, about the topic of Internet viruses.  Kyle Cavalieri is an expert in Cyber Security and offered his opinion about these Internet viruses that could put anyone connected into the web in a bad situation. Check out the video below for more information on how to stay secure from this ‘ransomware’ Internet virus.

Learning about Internet threats with WIVB

This WIVB story, reported by Jordan Williams, started with a local man that was victim to a cyber attack that appeared to take control of his personal laptop.   A FBI Buffalo representative and DIGITS LLC’s Director of Computer Forensics and Investigations both provided feedback from the “ransomware” attack.  It is very important to make sure that you are aware of these type of cyber attacks.  Both representatives reinforced that it is important to call to shut down your computer right away and call a security expert, like DIGITS LLC, if you fall victim from a computer virus similar to described here.

Check out this report WIVB, interviewing computer and security experts about this ransomware virus.

SCCE Web Conference: Data Breaches- No Stranger to Small Firms

Michael McCartneyMichael McCartney, President/CEO of DIGITS LLC, will be presenting a SCCE Web Conference on the topic of: Data Breaches – No Stranger to Small Firms.

DIGITS LLC was founded in 2006 to fill the need in the legal and corporate communities for highly skilled digital forensics, proactive cyber security services, corporate computer investigations, cyber security incident response and advisory services, eDiscovery and litigation support services, and other investigation services.

SCCE Web Conference:

Data Breaches- No Stranger to Small Firms
February 19 , 2014
12pm CST | 1pm EST | 11am MT | 10am PST | 9AM AKST | 8AM HAST
Main Points Covered:
  • Be able to evaluate how secure your office network is
  • Identify gaps in your office’s data and network security.
  • Understand risk and liabilities to insecure network infrastructure


Get every new post delivered to your Inbox.

%d bloggers like this: