Blog Articles
Analyzing September 2025’s Critical Zero-Day Vulnerabilities
Every once in a while, we like to show off one of our hard-working, detail-oriented problem solvers. Take a moment to see who's in the spotlight today!
In the high-stakes world of business, where decisions can make or break empires, I’ve often found myself drawing parallels between corporate strategy and military operations. As someone deeply immersed in AI, AI security, and aligning technology with business objectives, I've seen firsthand how overlooking key elements – like cybersecurity – can lead to catastrophic failures.
Cybercriminals are increasingly targeting organizations and individuals by intercepting legitimate email communications and altering wire transfer instructions. This sophisticated form of business email compromise (BEC) has led to billions in financial losses globally. The attackers exploit trust, timing, and lack of verification protocols to redirect funds into fraudulent accounts, often irreversibly.
Too many organizations treat incident response (IR) like a fire extinguisher: break glass when needed. But real resilience is built long before the alarms go off.
When intellectual property (IP) litigation collides with the world of eDiscovery, it introduces a layer of complexity that traditional document review workflows aren't always prepared to handle. From dense patent filings to proprietary source code and deeply technical product specs, legal teams navigating IP disputes must adapt their review strategies to keep pace with the specialized nature of the data.
The digital evidence landscape is changing – fast. What used to be a relatively straightforward process of collecting emails and documents has become a much more complex challenge. In today’s legal matters, relevant data may live across social media platforms, cloud-based collaboration tools, mobile apps, and beyond.
Corporate in-house counsel face increasing challenges in managing data collections and digital forensics. Leveraging the expertise of an experienced outside vendor can be a game-changer.
The legal industry is undergoing a revolutionary transformation with the advent of AI-powered document automation, streamlining processes and enhancing efficiency.
In the ever-evolving landscape of legal technology, the discoverability of ChatGPT prompts in litigation is a pressing concern for attorneys and clients alike. Understanding the nuances of relevance, privilege, and emerging case law is paramount.
Healthcare is facing some major changes thanks to the latest proposed updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. These changes are a big deal: they’re the biggest updates we’ve seen in years and they’re all about keeping patient data safer in today’s digital world.
Nearly every aspect of our lives – personal, professional, and financial – leaves behind a digital footprint. From smartphones and laptops to cloud systems and even Internet of Things (IoT) devices, data is constantly being created, stored, and transmitted.
In 2025, law firms will continue to be prime targets for cybercriminals looking to exploit sensitive client data, disrupt operations, and ransom valuable information. With technology advancing at a rapid pace, so are the tactics used by cyber attackers, making it essential for legal professionals to stay ahead of emerging risks. From sophisticated ransomware attacks to insider threats, law firms must proactively address these challenges to safeguard sensitive data and ensure compliance with ever-evolving regulations.
In the fast-paced world of eDiscovery, vast amounts of data must be reviewed and processed quickly, yet accurately. Traditional methods of privilege review, where legal professionals manually sift through documents to identify privileged information, are labor-intensive, prone to human error, and inefficient. That’s why artificial intelligence (AI) has been a game changer, automating privilege review and dramatically improving both speed and precision in the eDiscovery process.
Migrating data to a new or updated eDiscovery platform enables your organization to take advantage of enhanced features, increased security, better data management, and/or cost savings – or to consolidate data from multiple sources. Data migration ultimately streamlines the legal discovery process, boosts efficiency, and provides access to advanced analytics and capabilities offered by the new platform.
Although emails, texts, and cloud-based data are commonplace, paper documents continue to play an essential and significant role in the legal discovery process. Many legal matters still involve a combination of old and new records, and the authenticity, integrity, and legal weight of physical documents cannot always be fully replaced by digital equivalents. That’s why Avalon still provides paper discovery – scanning and digitizing paper records – in addition to electronic discovery, to our clients.
The team at Avalon just wanted to remind you that the New York Department of Financial Services (NYDFS) cybersecurity regulation deadline is fast approaching. As part of NYDFS Cybersecurity Regulation 23 NYCRR 500, companies regulated by NYDFS are required to complete and file their annual cybersecurity compliance certification with the department.
Internet of Things (IoT) forensics refers to the application of forensic techniques to retrieve, preserve, and analyze data from IoT devices in legal proceedings. IoT devices include everything from smartphones and tablets to connected cars, medical devices, and even home appliances like refrigerators or thermostats. These devices often store critical information, such as user activity logs, GPS locations, health data, and more, which can be invaluable in solving cases.
A new state privacy law, recently passed by New York's legislature, is awaiting Governor Kathy Hochul’s signature and is expected to significantly complicate and restrict the processing and sharing of various health information by a wide range of organizations.
In an era where data breaches make headlines, understanding data privacy regulations in eDiscovery is not just a legal necessity but a strategic imperative.
For legal document review teams, the need to sort through tens – even hundreds – of thousands of electronic documents is hardly unusual. Fortunately, the integration of artificial intelligence (AI) with human expertise has revolutionized this process. Combining AI’s speed and accuracy with human judgment and understanding improves the efficiency and accuracy of how documents are reviewed and analyzed.
In January, the National Institute of Standards and Technology (NIST) released a concept paper as they work to draft the Cybersecurity Framework (CSF or Framework) 2.0, an update to the current 1.1 Framework that was last updated in 2018, as well as associated resources such as websites, mappings, and related guidance. The purpose of the CSF is to provide guidance to organizations to better understand, manage, reduce, and communicate cybersecurity risks.
As the number and severity of cyber threats and attacks continue to rise, it’s more important than ever to make sure your organization is cyber ready. Safeguarding your environment, including the systems and data within, will both reduce risk and promote business operation continuity and security.
The phrase “managed review” came from the need to oversee a room full of attorneys poring over documents one by one, taking the knowledge gained from this large volume of electronically stored information (ESI) or scanned hard copies, and filtering it back to the litigation team who would determine how to use this information for trial.
As covered in our previous article, the New York Department of Financial Services (NYDFS) updated its Cybersecurity Regulation in 2023. To help entities roll out the changes and new requirements, they have provided phased timelines for when these items must be implemented.
You may have heard the saying: “Change is the only constant in life.” This is certainly true of the information technology industry, which in turn, has a ripple effect on the technology, services, risk, and regulatory requirements that impact your organization and its environment.
In February 2024, the National Institute of Standards and Technology (NIST) released Version 2.0 of the Cybersecurity Framework (CSF or the Framework) which is the first significant update to the Framework since 2014 when it was first created.
You are not alone if you woke up this morning with a Blue Screen of Death (BSOD). Please reach out to the Avalon Cyber team if you need assistance: 877.216.2511.
Thousands of car dealerships’ operations slowed to a halt last Wednesday as their core dealer management system, CDK, shut down. CDK Global announced that they were investigating a cyber incident and “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible” according to spokesperson, Lisa Finney. The company said later that day that most of their critical systems were back online, but the next day they announced that another incident had happened.
Earlier this month, Avalon Cyber posted a poll on LinkedIn asking, “What cybersecurity threat keeps you up at night?” The choices were: external threat (for example, ransomware), internal threat (i.e., IP theft), or the birth of GenAI.
While Avalon Cyber has offered managed detection and response services for years, KnightVision MXDR, our managed extended detection and response service, provides your organization with the highest standard of cybersecurity protection available today.
There are over 33 million small or medium-sized businesses (SMBs) in the U.S. – making up over 99% of all U.S. companies – and recovering from a cyberattack can be costly to these businesses.
Avalon previously reported on proposed changes that may have a significant impact on the current 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500) released by the New York State Department of Financial Services (NYSDFS).
Surge PE announced that it has added leading managed review and legal staffing provider, Tower Legal Solutions, to the Avalon platform. Avalon offers technology-based services like digital forensics, cybersecurity and eDiscovery, as well as business-critical document services.
There has been a lot of talk recently about artificial intelligence (AI), especially around ChatGPT, a chatbot which interacts in a conversational way. As a broad category, AI is the simulation of human processes by machines and computer systems. A few business use cases may include leveraging AI to provide fast and accurate response for customer inquiries, assisting with topic research, or reviewing patient medical history for purposes of medical diagnosis. As this technology continues to evolve, businesses are finding more and more use cases for AI programs.
The human, “eyes on documents,” part of discovery is by far the costliest. But you can save your attorneys time – and your clients money – by using Avalon’s contract attorneys, from project planning to completion. Since our reviewers’ billing rate is a fraction of the cost of a typical in-house case team, your firm can save thousands – or even hundreds of thousands – of dollars per project.
Avalon is proud to announce that we have been designated as a RelativityOne Silver Partner for providing an exceptional service experience to our RelativityOne end users.
The reach of electronic discovery expands exponentially year after year. This should come as no surprise, considering the staggering amount of electronic information being generated daily by organizations and individuals. Given the prevalence and magnitude of electronically stored information (ESI) in today’s litigation, law firms and corporations are faced with the question of whether to outsource their ESI needs or to deal with them in-house.
Anyone who has been involved with an eDiscovery review project knows that the most expensive aspect is the review process. But a great way to keep costs down is to leverage technology and review less data. That’s why the team at Avalon suggests early case assessment (ECA). ECA can be described in numerous ways, but the simplest is: It’s a process used to get insight into data stores prior to full processing and review.
The weather is changing, and spring is upon us. Each year around this time, many people tend to do a thorough cleaning of their home and maybe tackle a few home improvement projects before summer arrives. We cannot forget to do the same maintenance and enhancements to our cybersecurity program. To assist you, we created this basic cybersecurity “to-do” list to ensure that you are being proactive and performing key practices and controls that will help reduce risk and make your organization more secure.
In early 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to all businesses and government entities on the risk of Russian cyberattacks affecting US systems and networks. Rob Lee, CEO of Dragos, indicates that his team has “observed threat groups that have been attributed to the Russian government by US government agencies performing reconnaissance against US industrial infrastructure, including key electric and natural gas sites in recent months.”
Legal teams are often frustrated with the investments and expenses associated with their eDiscovery needs, whether their support is internal or outsourced. The continued investments in the latest technology, training of staff, and expensive infrastructure are at odds with the desire for dedicated services at a predictable cost.
Microsoft 365 (previously Office 365) offers a wealth of tools, including Teams, SharePoint, OneDrive, PowerPoint, Excel, and more, that help your team work and collaborate easily and efficiently from anywhere in the world. And, since the platform is cloud-based, your business has access to all these resources, yet doesn’t have to host the infrastructure.
Avalon is proud to announce that we have successfully completed the SOC 2 Type 1 information security audit as of July 2021. The scope of the audit included our cybersecurity, eDiscovery, and secure print and mail services.
So here's the main difference between vulnerability assessments and penetration tests, put as simply and briefly as possible:
“Before RSMF, it was a complete nightmare,” said Scott Huter, Avalon’s Regional Director of Enterprise Sales, about exporting data from mobile devices, Slack, and other non-traditional platforms prior to Relativity’s revolutionary solution. “Clients were looking at spreadsheets, trying to hyperlink to pictures and attachments, and trying to produce all or some of it. This type of data just didn’t play nice in the eDiscovery world.”
The world of eDiscovery definitely has a language all its own. Here’s a list of terms to help you get more familiar with the industry, learn a new phrase or two, and maybe even find a few gems for your next Scrabble game.
In the first few months of 2020, Zoom usage has skyrocketed. Daily downloads in January were 56,000. In March, that number rose to 2.13 million. Families and friends use it to catch up and check in on each other. Businesses utilize it for remote meetings and to instill a sense of culture and camaraderie. Even law firms have found Zoom to be a useful tool for consulting with clients, as well as appearing before judges.