Day 5 – Excerpt from Chapter 5 – “Intrusion Lifecycles”

Day 5 – Excerpt from my newly released book, “Diving In – An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn”, which you can purchase here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Nearly all intrusions involve some type of scouting stage, although attackers may not have specific targets in mind when they start. This is the stage where the attacker may collect information about a victim through the review or…

Day 4 – Excerpt from Chapter 4 – User Causality in the context of DFIR

Day 4 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn", which you can get here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "User causality in the context of Digital Forensics science refers to the relationship between a user's actions (cause) and the resulting impact on a digital system (effect) which fundamentally underpins Locard’s Exchange Principle. Understanding this cause-and-effect relationship is…

Day 3 – Locard’s Exchange Principle and #DFIR

Day 3 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn", which you can get here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Locard's Exchange Principle is a fundamental concept in traditional forensic science, which posits that 'every contact leaves a trace.' In other words, any interaction between an individual and their environment will result in the transfer of physical evidence…

Day 2 – Excerpt from “Diving In” Book by Devon Ackerman

Day 2 - Excerpt from the second chapter of my brand new #book, "#DivingIn - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which can be viewed and purchased here! "#Forensic examiners must be able to defensibly recover/extract relevant #evidence, preserve it, and present findings in a manner that it can be legally used in the identification and #attribution of #cybercrime. This includes being able to articulate…

Diving In – An Incident Responder’s Journey – An Excerpt

Excerpt from the opening chapter of my new #book, Diving In - An Incident Responder's Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn, can be purchased here. "Digital Forensics and Incident Response (#DFIR) are two essential areas of investigative and reactive cybersecurity that aim to protect individuals, governments, and organizations of all sizes and complexity from ever-present, ever-evolving cyber threats. Legal counsel and cyber insurance carriers are often called upon…

The Effect of Ransomware After The Investigation

Ransomware. It’s a word that has become interwoven into the fabric of global corporate, business and legal vernacular. The threat is briefed to executive leadership teams during security update calls and to boards of directors during quarterly earnings calls. Its risks are part of mergers and acquisitions (M&A) strategy planning and are specifically identified in cyber insurance coverage policies with exclusions and sub-limits. And an entire industry exists around threat intelligence, in which the proverbial…

I want to see your Resume!

Do you know of someone just graduating with their college degree in #DFIR or #CyberSecurity or #security looking for their first job? I am interested! Send me a resume -> devon.ackerman@kroll.com with Resume in the subject line. Tag your friends, tag your colleagues.

281 Arrested Worldwide in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes

Federal authorities announced today a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens.  Operation reWired, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, U.S. Postal Inspection Service, and the U.S. Department of State, was conducted over a four-month period, resulting in 281 arrests…

Holiday Hack Sneak Peek 2019

It seems the SANS Annual Holiday Hack Challenge buzz begins earlier and earlier every year.  This year is no exception.  My first HolidayHack CheatSheet of the season is here! HUGE shout-out to our Red Team mole, Stephen Sampana for infiltrating Ed Skoudis' party in Vegas during BlackHat/DEFCON/BSides week and reporting back clues. Download v1.0 of my Kringle Con CheatSheet NOW! Enjoy! In other news, I've added some new items to our site that may interest…

InfoSec News Nuggets – 08/01/2019

1 My info was in the Capital One breach. What should I do? While the security world focuses on the aftermath of the Capital One data breach, the majority of those impacted by the incident are left with one big question: What do I do? The amount of information taken from the bank’s system is extensive: names, addresses, zip and postal codes, phone numbers, email addresses, dates of birth and self-reported income on 100 million…

InfoSec News Nuggets – 07/26/2019

1 Equipment Benefits Administrator Reports Data Breach A Michigan-based administrator for durable medical equipment benefits is the latest business associate to report a large health data breach affecting patients as well as healthcare providers. In a July 12 statement, Madison Heights, Michigan-based Northwood Inc. says that on May 6 it discovered "suspicious activity" involving an employee email account. "Working together with a leading computer forensics expert, our investigation determined that an unauthorized individual or individuals…

InfoSec News Nuggets – 07/25/2019

1 Your Android’s accelerometer could be used to eavesdrop on your calls Just because you don’t give an application access to your microphone doesn’t mean that it can’t listen to you. Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant, and more. When you install an Android app, it has to ask your permission if it wants access to…

InfoSec News Nuggets – 07/22/2019

1 Still not using HTTPS? Firefox is about to shame you Two years after promising to report all HTTP-based web pages as insecure, Mozilla is about to deliver. Soon, whenever you visit one of the shrinking number of sites that doesn’t use a security certificate, the Firefox browser will warn you. Firefox developer Johann Hofmann announced the news this week: In desktop Firefox 70, we intend to show an icon in the “identity…

InfoSec News Nuggets – 07/19/2019

1 Alarm sounds over census cybersecurity concerns Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities. These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete…

InfoSec News Nuggets – 07/16/2019

1 MyDashWallet was compromised for 2 MONTHS MyDashWallet, a service that purports to be the fastest way of using DASH cryptocurrency, has revealed its platform was compromised for two whole months, and is now urging users to move their funds as soon as possible (if they’re still there). “The hacker was able to obtain private keys used between May 13 and July 12,” wrote Dash marketing manager Michael Seitz in a July 12 Dash forum…

InfoSec News Nuggets – 07/15/2019

1 Self-driving shuttle crashed in Las Vegas because manual controls were locked away The National Transportation Safety Board (NTSB) has wrapped up a more than year-long investigation into a low-speed crash between a self-driving shuttle and a delivery truck in Las Vegas on November 8th, 2017. The agency determined two main probable causes for the accident: the truck driver’s assumption that the shuttle would move to avoid him, and that the safety operator inside…

InfoSec News Nuggets – 07/11/2019

1 Bank voice authentication can be hacked via deepfake audio An investigation conducted by IT security audit specialists from cybersecurity firm Symantec has detected at least three cases of financial fraud involving the use of fake audio generated by artificial intelligence software, a practice known as deepfake, frequently used on adult content sites. This kind of software can be trained using a considerable amount of audio records; in this case,…

InfoSec News Nuggets – 07/08/2019

1 Hacker Who Disrupted Sony Gaming Firm Gets Federal Prison A hacker who disrupted Sony Online Entertainment and other gaming companies has been sentenced to more than two years in federal prison. Twenty-three-year-old Austin Thompson of Utah received the 27-month sentence on Tuesday in San Diego. Prosecutors said Thompson carried out a series of distributed denial-of-service computer attacks against Sony and other targets in 2013 and 2014. The attacks flood computer servers with traffic, making…

InfoSec News Nuggets – 07/05/2019

1 New FaceTime feature forces you to make eye contact FaceTime and other forms of video calling are already inherently weird, but Apple seems committed to making it as uncomfortable as possible. Apple is running an iOS 13 beta ahead of the big update's launch later this year and one new feature made waves on Twitter on Tuesday. "FaceTime Attention Correction" promises to make your eye contact "more accurate" during video calls, according to the…

InfoSec News Nuggets – 07/04/2019

1 US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook. The alert, posted on Twitter, refers to CVE-2017-11774, a vulnerability in Outlook that if exploited could allow an attacker to bypass security features and execute arbitrary commands on targeted Windows computers. Microsoft issued a patch for the vulnerability…

InfoSec News Nuggets – 07/02/2019

1 Hackers are repeatedly targeting Navy contractors Huntington Ingalls, the Navy’s largest shipbuilder, was compromised by a large-scale hacking campaign waged by several organs of the Chinese government, according to a Reuters report. However, the company denied the allegation in a June 27 email to Fifth Domain, saying, “there was no breach of information” from Newport News Shipyard, nor were their systems connected to a foreign server controlled by a Chinese group, known as APT10. The…

InfoSec News Nuggets – 06/27/2019

1 U.S. CYBERATTACK ON IRAN JUST PUT A TARGET ON AMERICAN BUSINESSES President Donald Trump came within minutes of starting another war in the Middle East last week when he ordered, and then abruptly canceled, a missile strike against Iranian bases. Instead, he launched another strike: a long-planned cyberattack, designed to quietly cripple Iran’s missile defense systems. Anonymous U.S. officials claimed an instant victory, although Iran insists it failed to penetrate its systems. The impact…

InfoSec News Nuggets – 06/25/2019

1 Beware of Fake John McAfee and Tesla Cryptocurrency Giveaways A resurgence of scam campaigns that pretend to be Bitcoin and Ethereum giveaways from Tesla, Elon Musk, and John McAfee are underway. These scams rise in popularity as cryptocurrency prices increase. BleepingComputer was told by security researcher Frost that there has been a resurgence of cryptocurrency giveaway scams being promoted on Twitter. These scams state that if a person sends between .05 to 5 Bitcoins…

InfoSec News Nuggets – 06/21/2019

1 Hacker Steals Customer Payment Info in EatStreet Data Breach Online food ordering service EatStreet disclosed a security incident from May which led to a data breach involving customer payment card information and sensitive info of delivery and restaurant partners. EatStreet is currently "servicing over 15,000 restaurants in more than 1,100 cities" according to the company's website and it is a "one-stop-shop for online ordering and marketing" by offering partnered restaurants "web, mobile, and social…

InfoSec News Nuggets – 06/18/2019

1 Phishing Scam Asks You to Login to Read Encrypted Message A new phishing campaign is underway that pretends to be an alert from your email server that it has received an encrypted message for you. It then prompts you to login to a fake OneDrive site in order to read the message. As phishing campaigns are getting easier to spot, scammers are coming up with new and more interesting ideas to trick people into…

InfoSec News Nuggets – 06/17/2019

1 Yubico Replacing YubiKey FIPS Devices Due to Security Issue Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. In a security advisory published on Thursday, the company informed customers that the issue impacts YubiKey FIPS series devices running versions 4.4.2 and 4.4.4 of…

InfoSec News Nuggets – 06/13/2019

1 Aerial assessment: The insurance adjuster is a drone Drone delivery may be taking off slowly in the U.S. thanks to strict FAA oversight, but drones have become a key tool for inspection in many industries. Now, that includes the insurance sector, where damage assessments are frequently performed by drones equipped with machine vision and AI. That fact was driven home with an announcement from Kespry, a drone-based aerial intelligence company, which has teamed up…

#InfoSec News Nuggets – 06/10/2019

1 'Surveillance capitalism': critic urges Toronto to abandon smart city project A “smart city” project in Canada has hit yet another snag, as mounting delays and privacy concerns threaten the controversial development along the Toronto’s eastern waterfront. The 12-acre Quayside project, a partnership between Google’s Sidewalk Labs and the city of Toronto, has come under increasing scrutiny amid concerns over privacy and data harvesting. This week, the US venture capitalist Roger McNamee warned that technology…

InfoSec News Nuggets – 06/07/2019

1 Gang charged with $19 million iPhone scam A gang in New York allegedly spent the past seven years using the ripped-off identities of cellphone subscribers to steal $19 million worth of iPhones, according to a now-unsealed complaint originally filed by federal prosecutors at the end of April 2019. The six defendants have been charged with felony counts of mail fraud, conspiracy, and aggravated identity theft. New York City Police Department (NYPD) detective Armando Coutinh,…

#InfoSec News Nuggets – 05/30/2019

1 News aggregator Flipboard disclosed a data breach The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information. Hackers had access to the company systems between June 2, 2018, and March 23, 2019, and again on April 21-22, 2019. On April 23, the internal staff noticed suspicious activity in its infrastructure. “We recently identified unauthorized access to some of our…

#InfoSec News Nuggets – 05/29/2019

1 Hackers breach US license plate scanning company One of the US’s most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach after news site The Register was sent files stolen from it last week. The company is probably best known for designing the licence plate imaging systems used at the US border crossings with Mexico and Canada. According to the site, a hacker using the identity “Boris Bullet-Dodger”…

#InfoSec News Nuggets – 05/27/2019

1 Hospitals testing virtual reality to improve pain management, reduce opioid usage When sickle cell disease patients experiencing a pain crisis show up at the emergency department hoping for relief, they’re often treated with a heavy dose of opioids and other medications. But St. Jude Children’s Research Hospital is trying something new. To enhance the effect of medication, cut the amount of opioids used in treatment and lower the chances a patient is admitted, the…

#InfoSec News Nuggets – 05/24/2019

1 You're Not At Fault, Google Search Tripped and Broke Its Index This is an article about a Google problem that most of you won't see until it is fixed. That is because Google Search is having a problem where new content is not being indexed in their searched results. We first noticed this when one of our recently published stories was not showing up in Google. When taking a look at other sites, Bleeping…

#InfoSec News Nuggets – 05/23/2019

1 Xbox chief Phil Spencer outlines plans for fighting toxicity in gaming Microsoft’s Xbox chief Phil Spencer says he’s acutely aware of the problems the gaming industry faces from a cultural perspective — issues like toxicity, abuse and harassment, and exclusionary attitudes that can keep gaming’s benefits from spreading beyond its most hardcore, traditional demographic. So today, Spencer says Microsoft is launching an industry-wide initiative to combat these issues by sharing solutions and technology and…

#InfoSec News Nuggets – 05/22/2019

1 In Middle of Trade War, America’s Busiest Port Gets Ready for Robots Pier 400 in Los Angeles is North America’s largest shipping terminal. More than 1,700 trucks pass through, on average per day, even in the middle of the U.S.-China trade war. All that cargo translates into thousands of miles driven within the facility each day, mostly by diesel vehicles, spewing pollutants. For APM Terminals, the part of global shipping company A.P. Moller-Maersk A/S…

#InfoSec News Nuggets – 05/21/2019

1 Google is using Your Gmail Account to Track Your Purchases This week, a user posted on Reddit about how they discovered that their Google Account's Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay. When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from…

#InfoSec News Nuggets – 05/20/2019

1 Company behind LeakedSource pleads guilty in Canada Defiant Tech Inc., the company behind the LeakedSource.com portal, pleaded guilty this week, according to a press release from the Royal Canadian Mounted Police (RCMP). The LeakedSource website launched in late 2015 and rose to infamy in 2016. Its operators gathered data from hacked companies, either from the public domain or by buying it from hackers. LeakedSource provided access to this illegally obtained information via a search…

Weekend of Updates

Looking for Annual Reports on Industry Threats and Trends? https://aboutdfir.com/annual-industry-reports/ Overhauled Blog page to now focus on corporate and blogs not associated with any one specific author.  All of the author specific data has been pulled out and dropped into Men of #DFIR and Women of #DFIR pages. https://aboutdfir.com/reading/blogs/

InfoSec News Nuggets – 05/10/2019

1 Former NSA analyst charged in leak of classified documents to reporter A former National Security Agency analyst has been charged and arrested for illegally obtaining classified national defense information, including files on drone warfare, and disclosing it to a reporter. The charges, which were filed originally in March of this year in federal court in Alexandria, Virginia, include obtaining, retaining, transmitting, and causing the communication of national defense information, disclosure of classified communications intelligence…

#women in #dfir

Across the Cyber Security, Info. Security, and DFIR industries, women are enhancing the ranks of investigative digital sciences to solve problems, investigate crimes, and protect networks. Many organizations have been formed to recognize women who are entering the market, completing higher education in Digital Forensics, and leading in innovation, speaking engagements, and research projects. https://aboutdfir.com/women-of-dfir/ is now live and dedicated to those women.  More to be added in the coming months.

InfoSec News Nuggets – May 8, 2019

1 Unhackable? New chip makes the computer an unsolvable puzzle A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan. Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second–infinitely faster than a human hacker…

InfoSec News Nuggets – May 6, 2019

1 Ladders Database Exposed 13M User Records Sanyam Jain, a security researcher and a member of the GDI Foundation, discovered a database belonging to the employment-recruitment site Ladders left exposed online on a misconfigured AWS-hosted database. The archive contained 13 million user records, data related to job seekers who had signed up for the service. Exposed records included contact details, current compensation, and applicants’ employment histories. “Ladders, one of the most popular job recruitment sites…

InfoSec News Nuggets – May 2, 2019

1 Instagram will test hiding public like counts in Canada Instagram announced at its F8 developer conference today that it’ll start testing a new feature later this week that’ll hide users’ public like counts on videos and photos. The test will only be in Canada, and likes will be hidden in the Feed, permalinked pages, and on profiles. Instagram says it wants followers to “focus on the photos and videos you share, not how many…

InfoSec News Nuggets – May 1, 2019

1 Nearly all 2020 presidential candidates aren’t using a basic email security feature New data out by Agari confirms just one presidential hopeful — Democratic candidate Elizabeth Warren — uses domain-based message authentication, reporting, and conformance policy — or DMARC. This email security feature sits on top of two existing security protocols, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), which cryptographically verifies a sender’s email, and can mark emails as spam or…

InfoSec News Nuggets – April 30, 2019

1 Docker Hub Database Hack Exposes Sensitive Data of 190K Users An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories. According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019. After performing an investigation it…

InfoSec News Nuggets – April 29, 2019

1 FedEx CIO: It’s time to mandate blockchain for international shipping When railroad tracks were first laid across the western U.S., there were eight different gauges all competing to dominate the industry – making a nationwide, unified rail system impossible; it took an act of Congress in 1863 to force the adoption of an industry standard gauge of 4-ft., 8-1⁄2 inches. FedEx CIO Rob Carter believes the same kind of thing needs to happen for…

InfoSec News Nuggets – April 26, 2019

1 Unsealed warrant in Massachusetts adds to growing privacy debate A US judge gave the cops permission to force people's fingers onto seized iPhones to see who could unlock them, a newly unsealed search warrant has revealed. Specifically, Judge Judith Dein, of the federal district court of Massachusetts, gave agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) the right to press Robert Brito-Pina's fingers on any iPhone found in his apartment in…

InfoSec News Nuggets – April 25, 2019

1 Teen Sues Apple for $1 Billion, Saying Facial Recognition Mistook Him for a Thief An 18-year-old student from New York is suing Apple for $1 billion, claiming he was wrongfully accused of stealing gadgets from a number of Apple stores in Boston, Manhattan, New Jersey and Delaware last year, writes The New York Post. Ousmane Bah says the company’s facial recognition technology misidentified him after his ID was lost. It is believed his driving…