InfoSec News Nuggets – February 19, 2019

Academics Confirm Major Predictive Policing Algorithm is Fundamentally Flawed Last week, Motherboard published an investigation which revealed that law enforcement agencies around the country are using PredPol—a predictive policing software that once cited the controversial, unproven “broken windows” policing theory as a part of its best practices.  In a 2014 presentation to police departments obtained by Motherboard, the company says that the software is “based on nearly seven years of detailed academic research into the…

InfoSec News Nuggets – February 18, 2019

Lenovo Watch X Riddled with Security Vulnerabilities Researchers are raking the Lenovo Watch X over the security coals in a report that blasts the device for shipping with a half dozen “disturbing” privacy and security vulnerabilities. The budget ($50) smartwatch was introduced in June 2018 and was initially praised for its design, features and affordability. But months following the launch, the Lenovo X Watch has since been hearing an earful from usability, and now security,…

InfoSec News Nuggets – February 15, 2019

Some GPS receivers may malfunction on or after April 6 April sees the GPS network go through a mini "millennium bug" of its own because the week number will roll back to a zero. While this is a known issue arising from the way the system works, it's recommended that those in charge of critical infrastructure which make use of GPS, along with other businesses and users who believe a malfunction would result in problems,…

InfoSec News Nuggets – February 14, 2019

Hackers Charged With Making Threats to Schools Two computer hackers were charged with sending false shooting and bomb threats to hundreds of schools and other institutions in the U.S. and Britain, federal prosecutors said Tuesday. The men are members of Apophis Squad, a worldwide collective of hackers intent on using the internet to “sow chaos,” the Department of Justice said in Los Angeles. Timothy Vaughn of Winston-Salem, North Carolina, was arrested this week by the…

InfoSec News Nuggets – Feb 13, 2019

Microsoft States Windows Update DNS Issues are Finally Fixed Starting in late January, Windows 10 users began reporting that when they tried to perform an update, Windows would state that it could not connect to the Windows Update service. At the time, Microsoft did not disclose the cause of the issue, but as users could fix the problem by changing their DNS servers, it was widely thought to be a…

InfoSec News Nuggets – February 12, 2019

Facebook 'youth team' to focus on Messenger Kids app for under-13s Facebook is restructuring its “youth team” with a greater focus on Messenger Kids, its instant-messaging app for under-13s, reports say. The team, a small group within the company responsible for getting children to use the social network, had previously been working on an experimental new feature called LOL, described by industry news site TechCrunch as a “cringey teen meme hub”. With categories such as…

InfoSec News Nuggets – February 11, 2019

Foreign VPN apps need a close look from DHS, senators say The Department of Homeland Security should assess the security threat posed by foreign VPN applications to U.S. government employees, a bipartisan pair of senators says. Some popular VPN apps send a phone’s web-browsing data to servers in countries interested in targeting federal personnel, raising “the risk that user data will be surveilled by those foreign governments,” Sens. Marco Rubio, R-Fla., and Ron Wyden, D-Ore.,…

InfoSec News Nuggets – February 6, 2019

Crooks Continue to Exploit GoDaddy Hole Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. On January 22, KrebsOnSecurity published research showing that crooks behind a series of massive sextortion…

Catching Up

I took some time this weekend to catch up a bit with AboutDFIR and add some of the content I've been too busy to share. I've got tons more, so that will be coming as time allows. I know Devon has stated it, but I'll reiterate: the links that we add often have context, and so I've decided to take a few minutes to add some backstory around the new additions I've made this weekend. First,…

AboutDFIR.com updates across the board

Tons of updates across the website this weekend to include the new Tools section: Tools & Artifacts - Android; Tools & Artifacts - File Systems; Tools & Artifacts - Windows. In addition, the existing Conferences page received a big update with the addition of CFP information.

Forensic Tools

Forensic tools, whether software or hardware, are just like traditional forensic science tools: they are designed by humans and typically meant to be used by trained users who understand both the artifacts they are processing and the results produced by the tool. Some tools are as simple as a USB write blocker - you plug one end into a computer, you plug a USB device into the other end, and it "just…

Episode 886: The Price Of A Hack

"The Price of a Hack" w/Chris DiIenno of Mullen Coughlin LLC law firm, experts in legal advice following or during a cyber security event, along w/Dina Temple-Raston of NPR. This piece was born out of a prior Kroll Cyber Risk digital forensics and incident response-related investigation, directed by legal counsel, to assist a client that was preyed upon via a Business Email Compromise-oriented targeting scheme. NPR Planet Money - Episode 886 "The Price Of A…

Android Nougat Image Available to the DFIR Community

Joshua Hickman has created, for the DFIR community, an image of Android 7.x (Nougat) populated with apps and test data for a wide range of usage - everything from testing tools to training to teaching. It was created using a stock Android image from Google. Several popular applications (apps) were populated with user data utilizing the capabilities of each individual app. The stock Android apps were also populated with user data. An LG Nexus 5x,…

InfoSec News Nuggets – January 2, 2019

Newspapers report suspected malware attack Staffers at some of America's best-known newspapers are wondering whether their systems were the victim of a foreign cyberattack. Several papers, including the Los Angeles Times and The San Diego Union-Tribune, suffered printing and distribution delays as a result of the incident. Some reporters chuckled at the irony of a digital bug interrupting printed papers. But there is also real concern about the effectiveness of the attack. Tribune Publishing said…

Threat Hunting for Non-Threat Hunters

Posted by MIKE ART REBULTAN at https://www.peerlyst.com/posts/threat-hunting-for-non-hunters-mike-art-rebultan-mit-ceh-ecsa. Threat hunting is a proactive task with an assumption that your organization has already been breached and you wanted to beat the average “dwell time” of 256 days; at least for me as a DFIR practitioner. And this is usually done with the help of different tools that we call “arsenals”; SIEM (security information and event management) and EDR (endpoint detection and response) mostly. However, security is not…

InfoSec News Nuggets – December 10, 2018

Amazon robot sets off bear repellant, putting 24 workers in hospital Twenty-four employees at an Amazon warehouse in New Jersey were taken to hospital after a robot accidentally punctured a can of bear repellant. The 255g can containing concentrated capsaicin, a compound in chilli peppers, was punctured by an automated machine after it fell off a shelf, according to local media. The incident happened on Wednesday at a warehouse in Robbinsville, New Jersey, on the outskirts…

SANS SEC401 – Comprehensive Review

To get started in InfoSec, one must drink from the fire hose eventually. First, I want to apologize for the very late and posts over the last month or so. My life has been a little chaotic bouncing between a few different things, and I went on holiday for a few weeks and was told no laptop :). But alas. For this post, I wanted to jump into something that has been very near and…

InfoSec News Nuggets – 11/27/2018

City of Valdez, Alaska admits to paying off ransomware infection Officials from the city of Valdez, Alaska admitted last week to paying $26,623.97 to hackers after the city's IT network was crippled by a ransomware infection in July. "Valdez Police Department[...] reached out through our law enforcement channels for assistance with addressing the ransom demand," said Bart Hinkle, Valdez police chief and operations section chief for the cyber incident response, in a press release…

InfoSec News Nuggets – November 20, 2018

Inside the Messy, Dark Side of Nintendo Switch Piracy The source of the leak had no chance of being traced. Someone, perhaps a professional games reviewer, had just helped dump a copy of Diablo III, a hotly anticipated Nintendo Switch game, at least several days before its official launch date. The source had used a middleman who ultimately released the game for pirates to distribute among themselves. This approach of disguising the original source of…

Office 365 DFIR

A planned methodology for developing and implementing a forensically sound incident response plan in Microsoft’s Office 365 cloud environment must be thoroughly researched and re-evaluated over time as the system evolves, new features are introduced, and older capabilities are deprecated. This presentation will walk through the numerous forensic, incident response, and evidentiary aspects of Office 365. The presentation is based on two years’ worth of collection of forensics and incident response data in Microsoft’s Office…

InfoSec News Nuggets – October 11, 2018

Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd. (Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won't be able to tell that they're using a…

InfoSec News Nuggets – October 1, 2018

Facebook Security Breach Exposes Accounts of 50 Million Users Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users. The breach, which was discovered this week, was the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take…

InfoSec News Nuggets – September 26, 2018

Beware of Hurricane Florence Relief Scams If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include…

InfoSec News Nuggets – September 25, 2018

Credit Freezes are Free: Let the Ice Age Begin A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any…

InfoSec News Nuggets – September 24, 2018

Google responds to lawmaker concerns over Gmail scanning In July, Senators John Thune (R-SD), Roger Wicker (R-MS) and Jerry Moran (R-KS) sent Google a letter that sought information on Google's practice of allowing third-party app developers access to its users' emails. While Google stopped scanning Gmail messages for ad-targeting purposes earlier this year, it still offers access to others if users give their consent. Now, Google has replied to the lawmakers' letter. In it, Susan…

InfoSec News Nuggets – September 11, 2018

US government releases post-mortem report on Equifax hack The Government Accountability Office (GAO) has published a report to detail how the Equifax hack went down and how the credit reporting company answered during and after the incident. The report comes a day before the one-year anniversary of the public announcement of the Equifax breach that exposed the personal details of 145.5 million Americans, but also of millions of British and Canadian citizens. Some of the…

InfoSec News Nuggets – September 10, 2018

How US authorities tracked down the North Korean hacker behind WannaCry The DOJ indictment, one of the largest of its kind in regards to the number of pages, lists a vast array of email addresses used to register domain names and buy hosting services used in all the hacks. It also includes IP addresses used to access malware command and control (C&C) servers, social media accounts, and hacked servers that hosted malware used in the…

InfoSec News Nuggets – September 5, 2018

Twitter testing new feature that reveals when you’re online The feature, revealed in a post from Twitter’s director of product management and shared more widely by Twitter CEO Jack Dorsey, reveals that the site is toying with the idea of displaying a green dot next to active, online users. What isn’t entirely clear, however, is whether Twitter plans to make the feature opt-in or opt-out when/if it eventually rolls out to the great unwashed masses.…

InfoSec News Nuggets – September 4, 2018

Bitfi finally gives up claim cryptocurrency wallet is unhackable Earlier this month, McAfee said that "maybe calling it [Bitfi] unhackable was unwise." The slew of attacks and vulnerability reports has now forced the company to backtrack on its previous claims. On Twitter, the company posted a statement which said the company had hired external help in the form of a "Security Manager" who is "confirming vulnerabilities that have been identified by researchers." "Effective immediately, we…

InfoSec News Nuggets – August 30, 2018

Voting machine maker claims vote machine hack-fests a 'green light' for foreign hackers Voting machine maker ES&S says it did not cooperate with the Voting Village at hacking conference DEF CON because it worried the event posed a national security risk. This is according to a letter the biz sent to four US senators in response to inquiries about why the manufacturer was dismissive of the show's village and its warnings of wobbly security in…

InfoSec News Nuggets – August 27, 2018

New facial recognition tech catches first impostor at D.C. airport Facial recognition technology caught an impostor trying to enter the U.S. on a fake passport that may have passed at face value with humans, federal officials said Thursday. And the groundbreaking arrest came on just the third day the biometric technology has been used at Washington Dulles International Airport. The 26-year-old man arrived Wednesday on a flight from Sao Paulo, Brazil, and presented a French…

InfoSec News Nuggets – August 22, 2018

Kaspersky Ban Draws Few Public Comments How concerned are government and industry about a new law requiring federal agencies and contractors to rid themselves of any trace of Kaspersky anti-virus software? Not very concerned, by the looks of two calls for public comments on implementing the law, which responds to intelligence community concerns that the Russian company’s software could be used as a Kremlin spying tool. The main call for comments on a joint rule…

InfoSec News Nuggets – August 21, 2018

Google: To be clear, this is how we track you even with Location History turned off Google has updated its help page about turning Location History on or off to more accurately reflect that it actually does sometimes store the places you go even with the setting toggled to off. Though Google originally said its help page was clear and correct, the updated page now clarifies that turning off the setting can still allow location…

InfoSec News Nuggets – August 9, 2018

Extortionists Increasingly Using Recipients' Personal Information to Intimidate Victims The Internet Crime Complaint Center (IC3) has recently received an increase in reports about extortion attempts received via e-mail and postal mail and using specific user information to add authenticity. While there are many variations in these extortion attempts, they often share certain commonalities. Extortion attempts vary widely, but there are a few common indicators of the scam. The following list of commonalities is not exhaustive,…

InfoSec News Nuggets – August 8, 2018

Ex-Tesla Worker Accused of Hacking Seeks $1M in Counterclaim A former Tesla Inc. employee at the electric car maker's battery plant in Nevada is seeking at least $1 million in defamation damages after it accused him of sabotage, hacking into computers and stealing confidential information leaked to the media. Lawyers for Martin Tripp filed a counterclaim in federal court this week alleging any damages Tesla incurred were caused or contributed to by Tesla's "own negligence,…

InfoSec News Nuggets – August 6, 2018

Pence Calls on Senate to Create New Cyber Agency at DHS Vice President Mike Pence told the DHS Cybersecurity Summit in New York on Tuesday that “this critical issue requires more than new funding.” “America also needs a central hub for cybersecurity,” he said. “And today we call on the United States Senate to follow the lead of the House of Representatives and, before the end of this year, enact legislation to create a new…

Dissecting Official Reddit App, What Your Tools Don’t Tell You

Sometimes, Some Light Reversing is in Order! Reddit in general So this is probably not new to many of the readers of this blog: Reddit is kind of a big deal at this moment in its lifespan. For those who do not know though, Reddit is a social media platform that touts itself as the "Frontpage of the Internet". What makes this social media platform so much different than, say, Facebook or Twitter -- is…

InfoSec News Nuggets – August 1, 2018

Steam game Abstractism pulled after cryptomining accusations Valve has pulled a game from its online Steam store after allegations were made that it was exploiting players’ computer resources to mine for cryptocurrency. Warning bells rang for players of the game, a simple and minimalist platformer called “Abstractism”, because it was consuming so much processing power from their CPUs and GPUs. When you see the very-basic game in action, it’s hard to believe that it could…

Reddit, Let's Talk About It

Sorry for the very long delay. Between heading out to DC to TA/Moderate the FOR585 class and work, it has been very chaotic! No excuse, but just very busy. One thing though that I have been working on has been reversing the Reddit App that came out about a year or so ago. Now, what really drew me to this is I'm not seeing a lot of support from the main forensic tools out there…

InfoSec News Nugget – July 24, 2018

Canada tackles malicious online advertising On July 11, 2018, the Canadian Radio-television and Telecommunications Commission (CRTC) imposed sanctions against the installation of malicious software through online advertising for the first time in its history. This decision was taken under the provisions of the Canadian Anti-Spam Legislation (CASL), which came into effect on July 1, 2014. The federal agency issued Notices of Violation to Datablocks and Sunlight Media, for allegedly facilitating the installation of malware through…

InfoSec News Nuggets – July 16, 2018

Engineer Found Guilty of Stealing Navy Secrets via Dropbox Account A jury trial found a former engineer at a Navy contractor guilty of stealing trade secrets regarding Navy projects by uploading the files to his personal Dropbox account. The man, Jared Dylan Sparks, 35, of Ardmore, Oklahoma, worked as an electrical engineer for LBI, Inc., a company authorized to build unmanned underwater vehicles (drones) for the US Navy's Office of Naval Research, and weather data-gathering…

InfoSec News Nuggets – July 12, 2018

Russian company had access to Facebook user data through apps A Russian internet company with links to the Kremlin was among the firms to which Facebook gave an extension which allowed them to collect data on unknowing users of the social network after a policy change supposedly stopped such collection. Facebook told CNN on Tuesday that apps developed by the Russian technology conglomerate Mail.Ru Group, were being looked at as part of the company's wider…

InfoSec News Nuggets – July 2, 2018

A massive cache of law enforcement personnel data has leaked A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned. The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law…

So You Want to Get into DFIR? Social Media Edition

Posting 365 days straight is definitely a lot harder of a challenge than you would think! Even with scheduling, time just gets away from you. With this blog, I wanted to at least give my own opinion on something that could have some grave consequences against you as a DFIR specialist: Social Media. This was inspired by a post I saw on LinkedIn from a colleague who is a Senior Forensic Examiner within the public…

InfoSec News Nuggets – June 28, 2018

Cyber Researchers Don’t Think Feds or Congress Can Protect Against Cyberattacks The federal government doesn’t understand cybersecurity and won’t be able to respond to a digital disaster such as a destructive hack aimed at the energy or financial sector, according to a survey of cybersecurity researchers released Tuesday. Only 13 percent of researchers “believe that Congress and the White House understand cyber threats and will take steps for future defenses,” according to the poll of…

InfoSec News Nuggets – June 27, 2018

FireEye Denies Hacking Back Against Chinese Cyberspies In his latest book, New York Times correspondent David Sanger describes how cybersecurity firm Mandiant hacked into the devices of Chinese cyberspies during its investigation into the threat group known as APT1. Mandiant, now owned by FireEye, published its famous report on APT1 back in 2013 when it was led by CEO Kevin Mandia. The company at the time released information apparently showing that the Chinese military had…

So You Want to Get into DFIR? Private Sector Edition

So you've decided that public sector is just not for you. Nothing wrong with that! We just need to work on getting you ready for different suits. This is a different animal altogether! If you have a love for white collar issues, you'll see there is no end to the work you can do. If you love threat hunting, this will be a joy! What am I going to work? This is going to…

InfoSec News Nuggets – June 26, 2018

Android Gets New Anti-Spoofing Feature to Make Biometric Authentication Secure Google announced today a better model to improve biometric security, which will be available from Android P, allowing mobile app developers to integrate an enhanced mechanism within their apps to keep users’ data safe. Currently, the Android biometric authentication system uses two metrics—False Accept Rate (FAR) and False Reject Rate (FRR)—in combination with machine learning techniques to measure accuracy and precision of the user's input.…

So You Want to Get into DFIR? Public Sector Edition

So you've decided to go into the Public Sector for your Digital Forensics job? That is, you've passed the rigorous background checks and the long-awaited clearance background if you're going to a Federal entity. Awesome! What you'll probably see is that you'll already have some sort of training program put into place to get you going. On top of that, you'll be working closely with folks who have "seen it all, done it all"…