Lucene search

693 matches found

Pen Test Partners Blog
added 2020/02/20 6:07 a.m. · 34 views

Ships can’t be hacked. Wrong

I get a lot of objections from ships’ captains when discussing security flaws in ships, so I felt it worthwhile looking at these in some detail. The usual response is ‘ships can’t be hacked.’ When I dig further, what they usually seem to mean is that ‘processes aboard the bridge mean that the...

7.2 AI score
Exploits 0
Trellix
added 2020/02/12 12:00 a.m. · 12 views

CSI Evidence Indicators for Targeted Ransomware Attacks

ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard’s...

0.4 AI score
Exploits 0
Trellix
added 2020/02/12 12:00 a.m. · 9 views

CSI Evidence Indicators for Targeted Ransomware Attacks

ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard’s...

7.7 AI score
Exploits 0
ThreatPost
added 2020/02/04 10:50 p.m. · 37 views

Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam

A non-profit community housing collective has been swindled out of more than $1.2 million in a business email compromise (BEC) campaign. Red Kite Community Housing, a coop housing association in High Wycombe, U.K., outside of London, announced in a recent website notice that £932,000 of the money pai...

7 AI score
Exploits 0 · References 6
Microsoft Secure
added 2020/01/14 5:00 p.m. · 29 views

Rethinking cyber scenarios—learning (and training) as you defend

In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...

7.1 AI score
Exploits 0
BDU FSTEC
added 2020/01/13 12:00 a.m. · 5 views

A vulnerability in the Check Point Security Gateway, related to deficiencies in handling exceptional states, allows an attacker to trigger a service failure.

The vulnerability in the Check Point Security Gateway is related to deficiencies in handling exceptional states when the Threat Prevention Forensics feature is enabled. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8 CVSS · 7.2 AI score · 0.01348 EPSS
Exploits 0 · References 4
Pen Test Partners Blog
added 2020/01/10 9:38 a.m. · 71 views

IR & Forensics in the Cloud

More and more organisations are moving their business to the cloud. This makes securing data and being able to respond effectively to incidents in cloud environments an important topic. Having the skills on hand to properly collect digital forensics data in response to a legal dispute or during a...

6.4 AI score
Exploits 0
ThreatPost
added 2019/12/13 6:33 p.m. · 97 views

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers

UPDATE Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm Force, it is only aware of one...

8 AI score
Exploits 0 · References 10
Kitploit
added 2019/12/09 11:30 a.m. · 212 views

CAINE 11 - GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari - Italy). CAINE offers a complete forensic environment that is organized to integrate existing software tools as...

7.4 AI score
Exploits 0
ThreatPost
added 2019/11/18 3:05 p.m. · 68 views

Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites

A new JavaScript payment card skimmer, dubbed Pipka, has been identified on at least seventeen merchant websites attempting to target site visitors’ payment data. Unlike other skimmers, Pipka removes itself from the HTML code of compromised websites after exfiltrating payment card data – a...

6.6 AI score
Exploits 0 · References 11
ThreatPost
added 2019/11/14 9:00 a.m. · 74 views

ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks

LAS VEGAS – From insider threats, Internet of Things insecurity, to medical device hacking, ENFUSE 2019 broke down the top privacy and security issues help desks are seeing today. It also tackled what regulatory efforts are being developed to address those threats. Threatpost editor Lindsey...

7 AI score
Exploits 0 · References 1
Microsoft Secure
added 2019/09/12 4:00 p.m. · 44 views

Are students prepared for real-world cyber curveballs?

With a projected “skills gap” numbering in the millions for open cyber headcount, educating a diverse workforce is critical to corporate and national cyber defense moving forward. However, are today’s students getting the preparation they need to do the cybersecurity work of tomorrow? To help...

0.1 AI score
Exploits 0
MSRC
added 2019/09/03 7:00 a.m. · 10 views

Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...

6.9 AI score
Exploits 0
CheckPoint Security
added 2019/09/01 1:49 a.m. · 14 views

In a rare scenario, R80.30 Security Gateway managed by R80.30 Security Management crashes when Threat Prevention Forensics feature is enabled

...

1.2 AI score
Exploits 0 · Affected Software 5
The Hacker News
added 2019/08/30 6:02 p.m. · 227 views

Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

If you have an online account with Foxit Software, you need to reset your account password immediately—as an unknown attacker has compromised your personal data and log-in credentials. Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being...

0.9 AI score
Exploits 0
MSRC
added 2019/08/30 3:45 p.m. · 47 views

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to th...

1 AI score
Exploits 0
MSRC
added 2019/08/30 7:00 a.m. · 8 views

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to th...

7 AI score
Exploits 0
MSRC
added 2019/08/30 7:00 a.m. · 10 views

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to th...

1.9 AI score
Exploits 0
Securelist
added 2019/08/12 10:00 a.m. · 365 views

Recent Cloud Atlas activity

Also known as Inception, Cloud Atlas is an actor that has a long history of cyber-espionage operations targeting industries and governmental entities. We first reported Cloud Atlas in 2014 and we've been following its activities ever since. From the beginning of 2019 until July, we have been able...

9.3 CVSS · 0.7 AI score · 0.99945 EPSS
Exploits 36
FireEye
added 2019/08/08 8:30 p.m. · 38 views

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

Introduction: This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In Part One of the series, we covered the integration of the research in both Volatility and Rekall memory forensics tools. We...

6.3 AI score
Exploits 0 · References 6