December 18 – Cyber Security: When Hackers Strike Your Business, Will You Be Prepared?

Due to the “Snowvember” storm we had in Buffalo, the Cyber Security CLE event has been rescheduled to Thursday, December 18, 2014.  Same great programming will be provided!


SUNY Buffalo Law School & the Law Alumni Association’s GOLD Group presents a CLE* program.

When: Thursday, December 18, 2014 – 8 a.m. to 9 a.m. (registration begins at 7:30 a.m.)
Where: The Buffalo Club, 388 Delaware Avenue, Buffalo NY (free parking)


Cyber Security: When Hackers Strike Your Business, Will You Be Prepared?



Presentation Costs
-FREE to paid 2014-2015 LAA Members at the $60 level
-$15 for GOLD Group Members
-$20 for all others
-Cost includes lecture, handouts, and breakfast


RSVP:  Call the Law Alumni Office at (716) 645-2107 or register at:

Questions? Contact Pat Warrington at (716) 645-7885


*Earn 1.0 CLE credit in the area of skills – these credits qualify as transitional or non-transitional credits.


Rescheduled: Hodgson Russ Public Company Update & Cyber Security Presentation


Due to the Snowvember storm in Buffalo, the Hodgson Russ Public Update and Cyber Security Presentation has been rescheduled to Wednesday, December 10, 2014.

Michael McCartney, President/CEO of DIGITS LLC will be joining Hodgson Russ for their Public Company Update and Cyber Security Presentation.

Wednesday, December 10, 2014
8:30 to 11:30 a.m.
The Offices of Hodgson Russ
140 Pearl Street, Buffalo, NY
Registration and breakfast at 8 a.m.

Speakers: Ronald Battaglia; Richard Kaiser; Kevin Kearney; Robert Lane; Robert Olivieri; John Zak; David Schmidt, Ernst & Young LLP; and Michael McCartney, DIGITS LLC

Interested in attending? This event is appropriate for the following: in-house counsel, board members, CEOs, CFOs, controllers, finance and external reporting managers, and anyone interested in current issues facing public companies.

  • Continental breakfast and box lunch will be provided
  • This seminar is complimentary. 1.5 hours of CPE available
  • CLE credit requested, including 1 credit in the area of ethics

To register for the Hodgson Russ Public Company Update & Cyber Security Presentation, click here.

For any additional questions or comments, please email:

Hodgson Russ Public Update and Cyber Security Presentation


Are you Shellshock’d? {bashbug}

By: Kyle Cavalieri

On September 25, 2014, a new vulnerability that affects most versions of Linux and Unix operating systems, including Mac OS X, was discovered. According to security researchers, given the reach of Bash itself, combined with the sheer volume of devices and applications that rely on Bash, Shellshock is likely going to be larger than the Heartbleed vulnerability that was identified earlier this year. If Shellshock is exploited successfully, the vulnerability could allow an attacker to gain control over a targeted computer.

Bash is a common component of Unix and Linux systems and is commonly referred to as the ‘shell.’ Bash acts as a mechanism for the user to instruct the operating system what to do. The vulnerability lies in the fact that an attacker can embed malicious code into application code that requires Bash to execute. At this time, the most critically vulnerable systems are Web servers running the aforementioned operating systems. Non-Web servers are also vulnerable, although specific conditions need to be in place in order for an attacker to gain control. Internet-facing embedded systems that run Bash, such as surveillance systems, routers, conferencing systems, and IP-based phone systems, may also be vulnerable and should be inspected appropriately.

Once the targeted system has been exploited, the attacker can extract password lists from the system and use those passwords to move laterally within the network to gain access to other systems within the company’s production environment.
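For the Web server case described above, the access log is one place to check whether a server has been probed: Bash treated an environment value beginning with the literal `() {` as a function definition, and CGI servers copy request headers into the environment. The following is an added example, not part of the original article; the log lines are constructed, and the function name `find_shellshock_probes` is an assumption made for illustration.

```python
import re
from urllib.parse import unquote

# Bash treated an environment value starting with the literal "() {" as a
# function definition; CGI servers copy request headers into the environment.
SIGNATURE = re.compile(r"\(\) \{")

# Apache/nginx "combined" access-log format.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)

# Constructed sample lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:03:44 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; PLACEHOLDER"',
    '203.0.113.5 - - [25/Sep/2014:10:04:10 +0000] "GET /cgi-bin/test.cgi?x=%28%29%20%7B%20%3A%3B%20%7D%3B%20PLACEHOLDER HTTP/1.1" 404 210 "-" "curl/7.38.0"',
    '198.51.100.7 - - [25/Sep/2014:10:05:00 +0000] "GET / HTTP/1.1" 200 99 "() { ignored; }; PLACEHOLDER" "Mozilla/5.0"',
    '192.0.2.10 - - [25/Sep/2014:10:05:30 +0000] "GET /app.js?cb=function(){} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Sep/2014:10:06:00 +0000] "GET /cgi-bin/x HTTP/1.1" 200 - "-" "() { :; }; PLACEHOLDER',
]


def find_shellshock_probes(lines):
    """Return one dict per log line whose request data carries the signature."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parsed = COMBINED.match(line.rstrip("\n"))
        if parsed:
            fields = {k: parsed.group(k) for k in ("request", "referer", "agent")}
        else:
            fields = {"raw": line}  # truncated or odd line: scan it whole
        for name, value in fields.items():
            if SIGNATURE.search(unquote(value)):  # also catches %28%29%20%7B
                hits.append({
                    "line": number,
                    "field": name,
                    "ip": parsed.group("ip") if parsed else None,
                    "status": int(parsed.group("status")) if parsed else None,
                })
                break
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a request carried the signature; whether the server was actually affected depends on the installed Bash version and on whether the requested path invokes Bash.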

Due to the widespread nature of this vulnerability, cyber security companies, like DIGITS LLC, are able to detect whether your systems are currently vulnerable to this latest threat. Contact a cyber security specialist today for more information.


Cyber Breach – It will happen to you!

By Michael McCartney, President/CEO of DIGITS LLC, in Buffalo, NY.


We have all seen the national news reports lead with the all-too-familiar story of another company being the victim of a cyber attack. Target, Neiman Marcus, eBay, Goodwill, Stubhub, and many more have all fallen victim to this alarmingly increasing trend. Of course, these are all name-brand companies that are worthy of national media attention. However, yearly reporting of data breach statistics proves that no one is immune from this risk.

One of the most widely respected annual data breach publications is the Verizon Data Breach Investigative Report (DBIR). The 2014 report is the tenth (10th) annual report, which aggregates data security incidents and breaches from 50 organizations across 95 countries. This provides for trending and a matrix of breach statistics by industry. The report shows that every industry is affected and highlights the motivations behind the attacks. While financial gain is still the highest motivator for most threat actors, espionage is on an alarming increase. The report also shows that no industry is safe from these attacks.

Reference :

At the Annual Meeting in Boston on August 12, 2014, the American Bar Association (ABA) House of Delegates passed a resolution that encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations. The report goes into great detail outlining the severity of this data breach crisis, not only to law firms, but to private industry and our critical infrastructure. The government includes the following industries as critical infrastructure: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation, and Water and Wastewater Systems. The private sector owns about 85% of this infrastructure in the US.

The American Bar Association encourages these organizations to conduct regular risk-based assessments and to develop and test an Incident Response Plan for possible cyber attacks, including disclosure of data breaches, notification of affected individuals, and the recovery and restoration of disrupted operations.

Reference :

In February 2013, President Barack Obama issued Presidential Policy Directive – 21 together with Executive Order 13686, acknowledging the alarming increase in cyber security incidents and calling for the U.S. Department of Commerce to develop a Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. In February 2014, the National Institute of Standards and Technology (NIST) published its Framework for Improving Critical Infrastructure Cybersecurity working paper.

Reference :

These reports and government initiatives demonstrate a significant trend in awareness around the need to proactively address our cyber security and cyber response readiness. DIGITS LLC offers a full suite of proactive and reactive services to assist companies in confronting these challenges head-on!