[SECURITY] Fedora 34 Update: libguestfs-1.45.7-2.fc34
Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
Thanks to CSI and the many other crime-solving shows that have grasped our collective imagination for decades, we're all at least somewhat familiar with the field of forensics and its unique appeal. At some point, anyone who's watched these series has probably envisioned themselves in the...
MEAT - This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices
M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices and Android in the future. Requirements to run from source Windows or Linux Python 3.7.4 or 3.7.2 Pip...
Surveillance of the Internet Backbone
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It's useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It...
CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics
A PowerShell script to collect memory and triage disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission...
Top Black Hat USA Sessions for Qualys Customers
Black Hat USA is known for cutting-edge security research, and this year’s conference is no different. If you’re a Qualys customer, here are some Black Hat sessions we think you'll find relevant. Next-Gen DFIR: Mass Exploits & Supplier Compromise An investigation of real “next-gen” digital forensi...
Tencent's Self-Selected Stocks Have Logic Flaw Vulnerabilities
Tencent Self-Select is a securities investment mobile Internet application. Tencent Self-Select has a logic flaw vulnerability that can be exploited by an attacker to inject malicious code or modify the software logic to bypass forensics during the repackaging process...
Huawei Smartphone Security Vulnerability
Huawei Smartphone is a smartphone from the Chinese company Huawei. A security vulnerability exists in Huawei Smartphone. Successful exploitation of this vulnerability may result in bypassing forensics...
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
A fertility clinic serving the Atlanta area has been hit with a ransomware attack that also exposed private health information for 38,000 of its patients. Reproductive Biology Associates RBA, along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization IVF...
Volatility GUI - GUI For Volatility Forensics Tool
This is a GUI for the Volatility forensics tool written in PyQT5 Prerequisites: 1- Installed version of Volatility. 2- Install PyQT5. sudo apt-get install python3-pyqt5 3- Download Volatility GUI. Configuration From the downloaded Volatility GUI, edit config.py file to specify 1- Python 2 binary nam...
200K Veterans’ Med Records May Have Been Stolen by Ransomware Gang
UPDATE A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers. The VA for its par...
Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool
Features: Scan a mounted filesystem for threats right away Or gather a system baseline before an incident, for extra threat hunting ability Can be used before, during or after an incident For one to many workstations Scans the MFT, bypassing file permissions, file locks or OS file...
Rapid7 and Velociraptor Join Forces
Exciting news! Rapid7 has acquired a digital forensics and incident response DFIR framework. Velociraptor is an open-source project that allows for hunting across thousands of hosts to provide actionable data in minutes and unprecedented visibility into the state of endpoints. A cyberattack can...
Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
Summary Updated April 15, 2021: The U.S. Government attributes this activity to the Russian Foreign Intelligence Service SVR. Additional information may be found in a statement from the White House. For more information on SolarWinds-related activity, go to...
Qualys Update on Accellion FTA Security Incident
Update April 2, 2021 to the March 3 original blog post: As part of our commitment to keeping customers and the community informed about how we are addressing and resolving the Accellion FTA cyber incident, we are providing the following update to confirm containment of the incident and share...
How one data scientist is pioneering techniques to detect security threats
Data science is an increasingly popular field of study that’s relevant to every industry. When Maria Puertas Calvo was a student, she never imagined that one day she would pioneer data science techniques to detect security threats. She started her Microsoft career on the Safety Platform team,...
How to Successfully Pursue a Career in Malware Analysis
Are you looking to become a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferati...
Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments
CISA Hunt and Incident Response Program CHIRP is a new forensics collection tool that CISA developed to help network defenders find indicators of compromise IOCs associated with the SolarWinds and Active Directory/M365 Compromise. CHIRP is freely available on the CISA GitHub repository. Similar t...
packetStrider - A Network Packet Forensics Tool For SSH
packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...